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Global Developers to Number 
17M by 2009, Report Says 






Metallect's Hoffman doesn't classify 
application assemblers as developers. 



BY LISA MORGAN 

Evans Data revealed the results of 
its first Global Developer Popula- 
tion and Demographics Report in 
late October, which forecasts that 
the global developer population 
will surpass 17 million by 2009. 
The estimate reflects a total 
growth rate of 46 percent between 
2005 and 2009 and, as a matter of 
scale, represents about 3 million 
fewer heads than today's total pop- 
ulation of Australia. 

The Evans Report asserts that 
most developers in 2009 will come 
from the United States, India and 
China, as they do today. However, 
the highest level of growth will 



occur in the Asia Pacific (APAC) 
region, which includes India, Chi- 
na and Japan — a whopping 81 
percent increase between 2005 
and 2009 versus modest North 
American developer growth of 
just 15 percent. In fact, Evans 
Data estimates that, by 2009, 40 
percent of developers will be from 
the APAC region and that the 
number of Chinese developers 
will outpace the number of Japan- 
ese developers by 2009. 

George Gilbert, principal at 
San Francisco-based manage- 
ment consulting firm Tech Strat- 
egy Partners, isn't surprised by 
the aggressive global developer 



community estimate, particularly 
in light of component-based pro- 
gramming models. 

"This is part of a 40-year 
trend to push application devel- 
opment farther out into the user 
community," he said. 

Guy Hoffman, CEO of Metal- 
lect, a Piano, Texas-based soft- 
ware company that focuses on 
change and release management, 
agrees that more users are creat- 
ing software but he draws a line of 
distinction between the breadth 
of professionals who are assem- 
bling SOA components to achieve 
strategic business objectives and 
continued on page 19 ► 



Oracle 'Supports' 
Red Hat Linux 



BY ALEX HANDY 

SAN FRANCISCO — The 
rumored Oracle takeover of Red 
Hat obviously failed. While the 
murmurs from the valley insinuat- 
ed that Oracle was consid- | 
ering a buyout of the Lin- 
ux maker all year long, at 
the Oracle OpenWorld 
conference held here in 
late October, Larry Ellison 
made an announcement that 
could position Oracle as a buyer in 
the future. Oracle, said Ellison, 
now offers full enterprise support 
contracts for Red Hat Linux users, 
regardless of whether or not those 
users are Oracle customers. 
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The move is a slap in the face of 
Red Hat's support department, 
and a threat to Red Hat's support 
revenue, analysts and observers 
agree. Oracle's support options are 
both cheaper and more 
diverse than those offered 
by Red Hat, according to 
Oracle's announcement. 

Oracle also said that it 
would harvest each new 
release of Red Hat Enterprise 
Linux, remove all trademarked 
images and files from the open- 
source software, then post the 
resulting disc images online for 
free distribution. That's something 
that some other Linux distribu- 
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Oracle CEO Larry Ellison announces plans for Linux distribution. 



tions — such as Debian and Gen- 
too — already offer, but which Red 
Hat has never provided. 

Oracle representatives at the 
conference frequently stated that 
Red Hat was the most common- 
ly used Linux distribution in 



their customers' environments. 
However, no one from the com- 
pany would cite any statistics. 

In his keynote address, Elli- 
son said there are some issues 
that are slowing the adoption of 
continued on page 28 ► 



'Cypress' 
Gain a Toehold 
In the Dev Tool 
Marketplace? 

BY MARY JO FOLEY 

How are developers taking to 
Microsoft's latest iteration of 
Visual Studio Tools for Office 
(VSTO), designed to allow them 
to build on top of six of the core 
Office 2007 apps? 

In mid-September, Microsoft 
fielded the one and only beta 
release of its "Cypress" Visual 
Studio 2005 Tools for the 2007 
Office System — or, as it's also 
known, VSTO 2005 Second Edi- 
tion (SE). The product is due to 
go gold at the same time Office 
2007 does, which is expected any 
day now, but definitely "before 
the end of calendar 2006," as 
company officials have stated. 

Developers have been kicking 
the VSTO 2005 SE tires, as indi- 
cated by the volume of postings 
to the Microsoft Developer Net- 
work VSTO forums. 

The overall verdict: VSTO 
2005 SE offers some needed 
capabilities. But Microsoft still 
has plenty of work to do to make 
VSTO the ultimate Office devel- 
opment platform. 

VSTO 2005 SE provides a 
number of features that the cur- 
rently shipping VSTO 2005 prod- 
uct does not. The new release will 
be usable by developers with a 
stand-alone version of Visual Stu- 
dio Professional; the current 
VSTO release is tailored to work 
with Visual Studio Team System 
continued on page 23 ► 
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Selling SOA Goes Beyond Software 

Major players discuss implementation strategies more than products 



BY GEOFF KOCH 

The days are long gone when 
service-oriented architecture, 
or SOA, was a topic discussed 
strictly among geeks. 

Recently IBM posted three 
short animated spots on 
YouTube describing services as 
Lego-like building blocks, 
musical notes and mix-and- 
match clothing. But the 
YouTube community wasn't 
necessarily smitten by the cor- 
porate market-speak. 

"I know one thing for sure — 
[SOA is] tougher than building 
a house with Legos," comment- 
ed one user with a handle of 
"thewwump." 

If anything is for sure, it's 
that momentum may be build- 
ing for SOA to move perma- 
nently beyond IT into the 
broader business landscape 
and lexicon. Yet despite the 
prodigious output of marketing 
departments, it's still difficult 
to discern who has the winning 
SOA strategies at established 
vendors such as BEA Systems, 



IBM, Iona Technologies and 
Microsoft. 

"This is like the early stage 
of the Tour de France, with lots 
of vendors bunched up at the 
beginning of the race," said Ron 
Schmelzer, a senior analyst at 
ZapThink, a consulting firm 
focusing on SOA. "SOA is in 
the same category as total qual- 
ity management, or TQM, Six 
Sigma and ISO 9000— all of 
which took several years to gain 
widespread acceptance in the 
business community." 

On Oct. 3, IBM made a 
wide-ranging announcement 
of four new and 23 enhanced 
software products, including a 
new release of WebSphere 
Business Modeler and new 
software called WebSphere 
Registry and Repository relat- 
ed to SOA governance. 

However, Sandy Carter, IBM 
vice president of WebSphere 
and SOA, certainly seems con- 
tent with the SOA-isn't-really- 
about-software message. 

"Yes, we can talk about the 
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BEA gains greater margins from 
software than services, says Roth. 

WebSphere ESB [enterprise 
service bus]," said Carter, "but I 
think the most significant 
recent announcement has not 
been about a product or an 
offering, but rather the whole 
overarching theme that our 
customers are really seeing val- 
ue from SOA." 

IBM, which is also screening 
an SOA-inspired film in select 



movie theaters nationwide, is 
not alone in ginning up SOA 
marketing messages to some- 
times silly levels. 

On Oct. 10, at the Czech 
Republic stop of BEAWorld — 
BEA modestly describes its 
conference as "the premier 
event for SOA thought leader- 
ship" — the company an- 
nounced the releases of Web- 
Logic Platform 9.2 and 
AquaLogic Business Process 
Management 5.7. The products 
are supposed to shore up 
the foundation of the BEA 
SOA 360 platform, which was 
announced Sept. 19 and was 
billed as the industry's first 
native SOA platform. 

Schmelzer has heard 
promises about the 360 plat- 
form — naturally extensible for 
third-party development, natu- 
rally blendable, perfect for cus- 
tomization to address highly 
specific customer demands — 
and has one knee-jerk reaction. 

"This really is a professional 
services play for BEA, an area 



SUN'S THINKING INSIDE THE BOX 



A grid so big, it comes with its own house. 
That's what Sun Microsystems showed 
off last month with Project Blackbox, mod- 
ified shipping containers that are fully 
functional "instant-on" data centers for 
customers running out of space and power. 
Every container, shown at left, can provide 
up to 1.5 petabytes of disk storage, 7 ter- 
abytes of memory and handle up to 10,000 
simultaneous desktop users. Images from 
Sun show two of the containers, below 
right, deployed on rooftops in a crowded 
city, and deployed by global relief organiza- 
tions to bring computing to remote vil- 
lages, below left. Sun expects to produc- 
tize the data centers by the middle of 
2007, according to Sun's Web site. 








in which the company has been 
somewhat weak," he said. 

Indeed, BEA's Web site 
highlights its SOA for Execu- 
tives set of consulting and edu- 
cation services. Composed of 
workshops and classroom ses- 
sions, the services promise to 
help executives sell their orga- 
nizations on the business bene- 
fits of SOA — presumably by the 
end of 2008, when all of BEA's 
products are supposed to be 
leveraging the so-called micro- 
Service Architecture that un- 
derpins the 360 platform. 

"No, we don't want to back 
up our Humvee full of consul- 
tants and unload them at a 
customer's door," said Bill 
Roth, vice president of BEA 
Workshop, who added that 
BEA was perfectly content to 
stay focused on software, 
where margins are typically 
much higher than in profes- 
sional services. 

Though coy on his consult- 
ing strategy, Roth sounds 
remarkably similar to IBM's 
Carter when talking about just 
what comes up in BEA's SOA 
consulting engagements. 

"Only a third of what we talk 
about has to do with software," 
he said. "The more common 
questions are: 'How do I do 
change management in my 
organization?' and 'How do I 
define costs and benefits of this 
SOA project and make sure that 
I'm aligned with core business 
needs?' " 

NOT EVERYONE IS VOCAL 

In contrast to IBM and BEA, 
which compete perhaps more 
vigorously over their SOA- 
related claims than the technol- 
ogy itself, Microsoft has been 
conspicuously silent on the sub- 
ject of SOA, at least until 
recently. At the company's SOA 
& Business Process Conference 
in early October, the clear mes- 
sage was that Microsoft was 
supporting an incremental, 
start-small approach to SOA. 

"This departs from the 
industry norm of applying a 
high-risk, heavy, 'top-down' 
strategy to SOA implementa- 
tions," said Burley Kawasaki, 
group product manager for 
BizTalk Server at Microsoft. 

Also notably missing from the 

SOA center stage, as Schmelzer 

continued on page 24 ► 
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Following the Rules for Mainframe Modernization 

BluePhoenix solution extracts logic for reuse in Java, services architectures 



BY DAVID RUBINSTEIN 

Recover, refactor and regener- 
ate. That's the approach main- 
frame application modernization 
software provider BluePhoenix 
Solutions advocates for moving 
assets off mainframes and into 
more flexible architectures. 

The company has circled 
Dec. 15 as the date for the 
release of its Redevelopment 
solution, which is made up of a 
family of tools that help organi- 
zations extract business rules 
and other mainframe assets 
and rearchitect the code for 
use in object-oriented or ser- 
vice-oriented architectures, 
according to Tom O'Connell, 
director of research and devel- 
opment for the company. The 
tool first will be able to trans- 
form COBOL applications to 



Java; a C# compiler should be 
completed by the end of 2007, 
he noted. 

Redevelopment, O'Connell 
emphasized, is not a tool for 
1-to-l, statement-to-statement 
migration. "People wanted [the 
reconfigured application to 
have] a better structure, a 
change in the architecture," he 
said. BluePhoenix helps mine 
the business rules out of 
COBOL applications for reuse 
in the newer architectures. "You 
can't get this from a 1-to-l con- 
version," O'Connell said. "That 
just gives you the same architec- 
ture you had in COBOL. They 
called it 'JOBOL. " 

In the financial and insur- 
ance industries, where main- 
frame applications have lived 
the longest, there is a general 



concern that companies are 
losing the resources necessary 
to maintain the applications. 
"It's not just the COBOL pro- 
grammers; it's the whole main- 
frame environment," O'Con- 
nell said, pointing out that 
maintaining the systems will 
become more of a challenge 
in the future, when there 
are fewer qualified mainframe 
system programmers and 
administrators. 

On the other side of that 
coin, though, is the need for 
these big institutions to know 
that whatever platform or 
architecture they choose to 
adopt will be around. These 
companies don't want some- 
thing that will be outdated in 
five years, O'Connell said. 
"They want something that 



Fortifying Black Box Testing 

New Tracer tool spots root cause, reports code coverage 



BY JENNIFER DEJONG 

When it comes to testing a body 
of code for bugs, code coverage 
is a standard practice. But when 
applications are analyzed for 
security flaws, measuring how 
much code has actually been 
tested isn't part of the plan. 

That's one of the issues Forti- 
fy Software aims to address with 
Tracer, a new offering delivered 
by the Palo Alto, Calif. -based 
company last month. 

Tracer is designed to 
improve the effectiveness of 
black box security tools, which 
identify an application's vulner- 
abilities by attacking it in much 
the same way a hacker would. 
"Black box tools tell you, T have 
found 18 issues, and here's what 
they are.' But you also need to 
know how much of the applica- 
tion was hit," said Fortify s vice 
president of products and ser- 
vices Barmak Meftah. "The 
concept of code coverage is 
very well understood in the QA 
world, but in the security world, 
it is missing." 

Tracer, a stand-alone tool 
that complements black box 
offerings from any tool maker, 
addresses another shortcoming 
of the so-called "ethical hack- 
ing" tools. They don't pinpoint 
the root cause of the flaws, said 
Meftah. 
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Fortify Tracer works with black box security testing tools to identify 
which of an application's file systems, databases and other security- 
critical functions were hit, and what percentage of code was covered. 



Tracer, which starts at 
US$24,000 per named user, 
works by putting monitors on 
the attack surface, such as the 
Web, and around security-criti- 
cal functions inside the applica- 
tion, such as those that write to 
files. "You run Tracer against 
the application, and then run 
your ethical hacking tool," he 
said. "Tracer tells you [for 
example] that 23 functions 
were hit out of a 100 percent." 



The black box tool flags a 
SQL injection vulnerability, said 
Meftah, offering an example of a 
well-known flaw, where a hacker 
exploits the query language to 
"call" data that's meant to be off- 
limits. Tracer takes that one step 
further, providing crucial infor- 
mation about the potential 
attack, he said. "It tells you: 
'Here's where the actual call was 
made; here's the stack trace; 
here's the offending line.' " I 



will last 15 or 20 years." 

The first step in using Rede- 
velopment is to gain a complete 
understanding of the COBOL 
application, which is brought 
into the company's LogicMiner 
tool for analysis. The mined 
information from the applica- 
tion is stored in a repository. 
"You want to make sure it's a 
complete application with all 
the artifacts, which can be doc- 
umented" and used in analyti- 
cal reports. 

Then, the Transformation 
Workbench reads the repository 
and begins to break down 
and layer the COBOL applica- 
tion, taking it from a platform- 
specific language to a platform- 
independent, intermediate 
state. In Transformation Work- 
bench, users can do data type 
remodeling, dead code removal, 
and "redefine" and "Go To" 
removal, which are foreign in 
the Java world, O'Connell 
explained. 

The company's AppBuilder 
tool can be used to perform 
more refactorings, such as 
renaming variables, code clean- 



up, writing scripts or enhancing 
features. Also during this phase, 
the business logic is manually 
extracted from the COBOL 
applications and listed in the 
Business Object Catalog. 

Finally, the Java classes or 
services created from the busi- 
ness logic and code are 
brought together and regener- 
ated, with options for config- 
uring the new application, 
O'Connell said. 

Several competing compa- 
nies also have taken this path 
to application modernization, 
notably HP, Interactive Ob- 
jects, SOA Software and Soft- 
ware AG, which also break 
down mainframe applications, 
extract business logic and cre- 
ate Web services from the 
assets. "There are a lot of ways 
to approach the architecture," 
O'Connell said. "But financial 
institutions and insurance com- 
panies — the biggies in main- 
frame — don't want something 
that's only going to last five 
years. They want [a platform 
and architecture] to last 15 or 
20 years." ■ 



CollabNet Opens Up 
Service for Developers 



BY DAVID RUBINSTEIN 

CollabNet went live late 
last month with a new online 
developer service called 
open.collab.net designed to 
provide a professional 
place for developers to 
collaborate on projects. 
CollabNet partners will 
provide tools to help ^^m 
in the process; Ivis Technolo- 
gies' xProcess project manage- 
ment software is the first to be 
announced. 

Chris Clabaugh, CollabNet's 
vice president of business 
development, said the compa- 
ny is working with Sun's Net- 
Beans and Oracle's JDeveloper 
teams to bring the capabilities 
of those IDEs into the site, as 
well as targeting Palamida's IP 
protection software, Mercury's 
testing tools and O'Reilly's best 
practices. 

"We are adamant about soft- 
ware as a service," Clabaugh 
said. "We trying to put up a 
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focused, moderated, com- 
pelling site for users. We want 
to have a center of gravity for 
folks concerned with profes- 
sional development." 

When asked if Col- 
labNet's move was fol- 
lowing the trend set by 
Salesforce.com for on- 
Web composite appli- 
cation development, Clabaugh 
said, "That world is 10 to 15 
years out. If you've put togeth- 
er a composite application 
[today], odds are you're going 
to have the need for a moderat- 
ed community around those 
applications for service and 
knowledge." 

The recently released 
xProcess 2.5 uses the Subver- 
sion version control system for 
persistence, so there is no need 
for persistence from a database, 
according to Christopher Lank, 
CEO of Ivis. This makes the 
system ideal for Web-based 
development, he added. I 




The Object Database 
With Jalapeno. 

Persist POJOs With 
No Mapping. 
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'Your Code Looks Like My Code 1 



Policies, collective goodwill protect IP for open-source projects 



BY JENNIFER DEJONG 

Businesses look to legal counsel 
to protect homegrown code. 
But for open-source projects, 
calling in the lawyers is rarely 



the first line of defense. 

To address intellectual prop- 
erty concerns, they rely primari- 
ly on policies and procedures — 
spelled out in great detail — as 



well as the collective goodwill 
among members of the open- 
source community. "The trust 
level among open-source devel- 
opers is high, and the tolerance 



of impropriety is extremely low," 
said Lawrence Rosen, an attor- 
ney for technology law firm 
Rosenlaw & Einschlag. 

According to Rosen, author 
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Excel DevSuite 



Knowledge-centric Application Lifecycle Management solutions for today's 
distributed development teams. 
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of "Open Source Licensing: 
Software Freedom and Intel- 
lectual Property Law" (Prentice 
Hall 2004), being careful about 
the provenance of code dona- 
tions to open-source projects 
comes down to three things: 
"Know the people you are 
working with, get it in writing 
and publish [the code]." 

Contributors must draft a 
document that says: "I am giv- 
ing you what I own, and I have 
the right to give it to you," he 
explained. Once the code is 
published, the open-source 
community is quick to vet the 
contribution, pointing out if any 
part of it looks and feels like 
someone else's code. 

GOAL: QUICK RESOLUTION 

That situation has occurred, said 
Cliff Schmidt, vice president of 
legal affairs for the Apache Soft- 
ware Foundation. Cases have 
come up where "the code is your 
project looks like the code in my 
project." The similarity is often 
due to a third project, from 
which both parties derived 
pieces of the same open-source 
code, he said. "When that hap- 
pens, there is a discussion, and 
we move quickly to resolve the 
issue." That is typically a matter 
of getting the developer who 
contributed the code to rewrite 
it, so as not to infringe on a copy- 
right, he said. "The community 
rallies around fixing these things 
as soon as possible." 

Apache requires contribu- 
tors to sign a document that 
says their contributions are 
licensed to the Apache Soft- 
ware Foundation and its recipi- 
ents, said Schmidt. They must 
state that they are the author of 
that original work, and that they 
or their employer owns the 
copyright of that work. 

The Eclipse Foundation fol- 
lows a similar approach. "Our 
focus is on ensuring that we 
demonstrate the provenance of 
the code from a copyright stand- 
point," said the foundations 
executive director, Mike Milin- 
kovich. "We work to make sure 
we are not accidentally shipping 
code we are unaware of." 

Eclipse also analyzes code 
contributions by running them 
against an automated intellec- 
tual property tool, he said. But 
smaller projects cannot afford 
to use such offerings, noted 
Rosen. The open-source com- 
munity does a remarkable job 
of vetting code contributions, 
he said. "I have never seen a 
group that is so philosophically 
committed [to its ideals]." I 
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Novell Doctors SUSE for Enterprise, Real Time 

New stack, Big Blue stack show company is taking a whack at broader range of customers 



BY ALEX HANDY 

Novell's stacking up some new 
products for enterprises. In 
October, the company rolled out 
two new versions of its operating 
system and surrounding stacks. 
The first of these is the Integrat- 
ed Stack for SUSE Linux Enter- 
prise, an application stack based 
on IBM's WebSphere Commu- 
nity Edition. Later last month, 
Novell announced SUSE Linux 
Enterprise Real Time, based on 
a modified kernel that offers 
maximum predictability. 

Justin Steinman, director of 
marketing for Linux and open 
platform solutions at Novell, 
said that the new application 
stack wasn't created simply to 
compete with Red Hat's applica- 
tion stack, launched in Septem- 
ber. Rather, said Steinman, the 
idea was hatched over at IBM. 

"We found our reps and 
IBM's reps were jointly selling 
this solution already. They kept 
running into each other in the 
field," said Steinman. Thus, 
when IBM suggested that Nov- 
ell should offer its customers a 
version of its SUSE Linux 
Enterprise Server that included 
WebSphere Community Edi- 
tion and DB2 Express, the free 
editions of IBM's enterprise app 
server and database, respective- 
ly, Novell immediately agreed. 

The Integrated Stack for 
SUSE Linux Enterprise costs 
the same as the operating sys- 
tem on which it is based: 
US$349. Steinman said that the 
stack attracted more than 750 
customers the first day it was 
released, and that IBM is now 
offering it in conjunction with 
its xSeries servers. 

Novell's other new offering, 
SUSE Linux Enterprise Real 
Time, costs considerably more 
than the Integrated Stack. At 
$2,500 per install, however, it's 
still far cheaper than most 
enterprise-level real-time oper- 
ating systems, Steinman said. 

"We have one common 
codebase from which we 
assemble solutions for specific 
business problems. Here, we 
minimize latency and kernel jit- 
ters," Steinman said. He added 
that the real-time modifications 
to the Linux kernel were per- 
formed in conjunction with 
Concurrent Computer, a com- 
pany that specializes in real- 
time operating systems. 

But these new stacks also are 



just the beginning of Novell's part [of future distributions]." "Each real-time implementation man. "One Wall Street customer 

new product push, said Stein- For now, however, his com- is different for every customer. told us that for every 1/1, 000th 

man. "We're working on some pany is concentrating on helping This is something we suggest of a second they could save on 

stuff around thin clients. ...Vir- its customers implement the customers implement with the each transaction, they could save 

tualization is going to be a big new real-time solution properly. help of consultants," said Stein- $100 million a year." I 



Advanced Digital Dashboards require 
Advanced Data Visualization 




u Dundas 

$F Data Visualization 



Create powerful Digital Dashboards using Advanced 
Data Visualization solutions from Dundas! 

Dunda&Chart, Dundas£auge and Dundas Map of fer the Latest 
■ward- winning EGchrologiej that Fortune 500 compares across 
the globe trust to create advanced Dashboard applications, 

tomg. the- Leader m Data Visualization solutions for the .MET 
framework,. Dundas 1 products a^e all destined to give 
organizations Hie tools they need to dynamically visualize all 
their Key Performance Indicators (KPT?) and other critical data 
In real time. 

With built in dnta analysis and sophisticate vl^uat 
customization abilities r Hmndas' solution* offer a comprehensive 
feature set for the qmck creation of advanced Digital 
Dashboard*. 

To download a full evaluation copy of any of Dundas.' Une of 
Data Visualization Solutions, vfelt ww^dundis.com 



•■■■■■ ^ irHHnihrr 



■if l«i™ - «-■ 





fa ^.J. fa 



~- a "~ 










■ Dundas 



fcr.NET 



www.dundas.com 



Dundas 



Chart Gauge Map 

far MPT farNCT** fi"*_ MPT"! 




for.NET 1 



Ffa".r> f |g 



Visual Studio. net 

Tnrhnnto^p 



Lht United Slutn nrd.'ur u'Jrei [fuunLrin 



ilhilll 




www.difjntfastconrr 
infn^'duridas.toiri 
(416)467-5100 
(SW) 4*3-141*2 




Advanced Data Visualization for Microsoft* Technologies 



8 



NEWS 



Software Development Times . November 15, 2006 



www.sdtimes.com 



Composite Refreshes Information Server 



CIS 4.0 offers easier access to data, improved caching 



BY P.J. CONNOLLY 

SOA data service technology 
provider Composite Software 
rolled out a major release of its 
namesake Composite Informa- 
tion Server (CIS) last month. 
Composite began in 2002 with 
what the company calls "enter- 
prise information integration," 
and the approach has since 
evolved into an SOA-focused 
data services model that other 
vendors, including BMC, Cog- 
nos and Informatica, use as a 
foundation technology for con- 
solidated data services. 

CIS 4.0 reinforces the prod- 
uct's SOA capabilities, adding 
XPath transformation mapping 
to support arbitrary and com- 
plex transformations of data 
sets between disparate XML 
schemas, and enhanced in- 
teroperability with SQL data- 
base environments. Robert 
Eve, Composite s vice president 
of marketing, observed that 
the products strengths lie in 
the company's data-centric 
approach: "We find cases where 



there's lots of data, condi- 
tional logic, diverse com- 
plexity, and those are the 
things we focus on. We're 
focused on the data." 

The enhanced SQL 
support takes two forms: 
the ability to access XML 
data from within SQL, 
and the ability to store 
CIS' XML documents in 
SQL databases, including 
MySQL, Oracle and Sy- 
base repositories. In prac- 
tice, these features can 
give users a great deal of 
flexibility in how they can 
store enterprise data, 
deliver it as business 
information and repur- 
pose it when necessary. 
CIS 4.0 also adds SQL 99 
support for advanced 
database support. 

Parameterized procedures 
and Web services calls can be 
cached by CIS, which now has 
transaction caching to improve 
the performance of procedure 
calls and Web services opera- 
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Composite Information Server 4.0 (in red) fills in the gaps between back-end data 
stores and applications, allowing data to be more flexibly consumed. 



tions. Composite's other prod- 
ucts can take advantage of auto- 
matic DDL (data definition 
language) execution for the 
database-hosted cache, which is 
also new in this release. 

Avtandil Garakanidze, prod- 



uct management director for 
CIS, explained why perfor- 
mance is such an obsession: 
"We spent a lot of our time 
improving the overall perfor- 
mance of the distributed query 
and the federation, because our 



product is, more often than not, 
deployed in very time-sensitive 
environments, with a bunch of 
volatile data." 

CIS 4.0 adds improved 
metadata management, includ- 
ing metadata search features. 
Users can now import data 
from modeling tools, including 
Embarcadero Technologies' 
ER/Studio and ER/Win. As 
Garakanidze noted, "When our 
customers deploy our enter- 
prise platform, they [have] 
often already modeled their vir- 
tual and logical and physical 
views in third-party tools, and 
they'd like to reuse them." 

The new release incorpo- 
rates security enhancements 
such as certificate-based 
authentication, extended SSL 
over HTTP communication, 
and continuous LDAP synchro- 
nization, along with support for 
WSS (formerly WS- Security). 

CIS 4.0 now runs on 64-bit 
Red Hat Linux, and SUSE Lin- 
ux in both 32- and 64-bit envi- 
ronments, in addition to Solaris 
and Windows systems. It sup- 
ports any JDRC-compliant 
database, including those from 
IBM DB2, Informix, Microsoft 
SQL Server, MySQL, Netezza, 
Oracle and Sybase. I 
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NEW* 



, COMPANIES , 



Application life-cycle management solutions provider Seapine Soft- 
ware has opened Seapine Labs, a portal for customers and developers 
to "kick the tires" on new products before they are made widely avail- 
able. Other areas in the lab will allow use of and contributions to the 
library of best practices and the use and download of not-ready-for- 
prime-time development tools. "By providing behind-the-scenes 
access to product development, Seapine Labs facilitates involvement 
from our customer and developer communities that will help shape 
better products," Richard Riccetti, president and CEO of Seapine, said 
in a statement . . . Real-time virtual machine provider Aonix will joint- 
ly market its PERC solutions with the real-time Linux platforms of Con- 
current Computer. The solution is targeted at companies in telecom- 
munications, space exploration, avionics and office automation that 
need to update their mission-critical software with Java technology. 
PERC Ultra offers J2SE support for complex embedded applications, 
while PERC Pico gives Java developers performance in hard real-time 
applications comparable to C/C++. Concurrent's real-time systems are 
RedHawk Linux and SUSE Linux Enterprise Real Time. 



NEW PRODUCTS 



A JUnit testing framework for Java ME is available now from Sony 
Ericsson. Mobile JUnit 1.0 for Java ME CLDC can perform fully auto- 
mated regression testing of CLDC applications either in emulation or 
on the actual target phone. Also included is a set of guidelines and 
principles for such testing . . . AccuSoft is bringing to market 
ImageGear MD for .NET, an imaging SDK for the development of 
medical applications for the Microsoft framework. At a cost of 
US$4,995, the tool enables loading and saving of medical images that 
use the DICOM 3.0 file format standard, whether monochrome, pal- 
continued on page 28 ► 



Paradise by the Dashboard Lights 

Cenzic provides central tool for app risk assessment 



BY DAVID RUBINSTEIN 

To make its vulnerability testing 
even more useful for business- 
es, Cenzic on Nov 15 is expect- 
ed to release a risk assessment 
dashboard designed to bring 
consistency to a company's 
applications from a security 
perspective. 

Hailstorm Enterprise Appli- 
cation Risk Controller (ARC) is 
a central administrative tool for 
running and viewing risk 
assessments and for creating 
workflows for different groups 
in an enterprise, according to 
Mandeep Khera, vice president 
of marketing for Cenzic. If 
those groups even do vulnera- 
bility analysis at all, it's only on 
the applications they are using, 
and their recommendations 
might conflict with the analysis 
and suggestions from another 
group. "There is no one single 
view of the enterprise," Khera 
said. 

After pointing Hailstorm 
Enterprise ARC at an IP 
address, the intelligent dash- 



board can discover all applica- 
tions on that network, show 
which have been tested, which 
haven't been tested in a while, 
and which have never been 
tested. Users can then set prior- 
ities to schedule vulnerability 
assessments from the dash- 
board, Khera said, as well as 
decide where to allocate 
resources or to provide training 
for workers whose tests consis- 
tently fail. 

Hailstorm Enterprise ARC 
is especially useful in organiza- 
tions where applications are 
widely deployed across dis- 
parate business units, develop- 
ers and QA teams, Khera said. 
Role-based deployment of the 
assessment data is made possi- 
ble so the information de- 
livered is relevant to the in- 
dividual. A line-of-business 
manager's most pressing con- 
cern might be revenue from a 
product, while a QA manager 
might need to know about the 
application's functionality, and 
a CIO might want to know 



about the risk of deploying 
that application. All this infor- 
mation is provided through 
one customizable dashboard, 
Khera said. 

"Companies never know 
exactly what's going on" in their 
application infrastructure, he 
said. "This forces them to gain 
visibility. At one of our cus- 
tomers, a CIO thought his com- 
pany had between eight or 10 
applications. It turns out they 
had 120." 

IN HARM'S WAY 

A key component being intro- 
duced with this release is 
Hailstorm Application Risk 
Metric, which is a methodolo- 
gy for assigning qualitative 
risk scores to applications 
based on their type, priority, 
use and other factors, Khera 
explained. The dashboard is 
integrated with Cenzic's line 
of Hailstorm automated test- 
ing tools, which emulate how 
a hacker might attack an 
application. I 
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Klocwork Beefs Up Static Analysis Suite 

Sixty-six new Java tests, JSP support, multicore help, all part of new release 



BY P.J. CONNOLLY 

Klocwork released its K7.5 sta- 
tic analysis suite for C/C + + and 
Java software development 
environments, including a new 
conversion capability for de- 
tecting errors in JavaServer 
Pages, and 66 new defect 
checkers for Java. 

The new release adds sup- 
port for automatic parsing of 
project files in Microsoft Visual 
Studio 2005. The company also 
announced that it would be 
extending its IDE support in 
future releases, to include Jet- 
Brains' IntelliJ IDEA and Net- 
Beans. 

Klocwork K7.5 is even more 
thorough than the previous 
version was at ferreting out 
problems in code, according to 
the company; the new Java 
Checkers include 49 quality 
defect tests and 17 security- 
related ones. 

The company has been par- 
ticipating in an ongoing scrutiny 
of open-source software; when 
K7.5 and K7.1 were run against 
three open-source projects — 
the JBoss application server, the 
Limewire file-sharing program, 
and the HSQLDB database 
management system — the K7.5 
checker found almost twice the 
number of defects as its prede- 
cessor, claimed Klocwork's vice 
president of product manage- 
ment, Ian Gordon. "We think 
we've done a pretty good job of 
finding more things that are 
serious [problems] within these 
open-source applications, by 
developing these new checkers 
and capabilities." 

K7.5 introduces new concur- 
rency checkers to help C/C+ + 
developers who wish to take 
advantage of dual and multicore 
systems and address the chal- 
lenges of the new technology. 
"The issue with multicore is just 
that you've got to be careful 
when you're doing things and 
where you're doing them," Gor- 
don observed. "There's this 
notion of locking things and 
unlocking them to denote where 
they can start and stop, if you 
want to make sure that a certain 
part of your code will run unin- 
terrupted, so it doesn't get dis- 
tributed across two processors." 
K7.5 helps developers use the 
concept of lock and unlock 
appropriately, he said. 

Also new in K7.5 is an exten- 
sibility API that allows users to 



monitor quality and security 
with custom rules that can be 
applied to mobile code and 
Web applications as well as net- 
work and telecom modules. 



Shops that use the Ant for 
Java build tool can take advan- 
tage of new integration that 
allows Klocwork static analysis 
to be run as part of the build 



cycle, which reduces turnaround 
time and guarantees that all the 
code has been checked. 

Klocwork K7.5 now plugs 
into Eclipse 3.2, IBM Rational 



Application Developer 6.0, 
QNX Momentics 6.3, and Wind 
River Workbench 2.4 and 2.5, 
and runs on Red Hat and SUSE 
Linux, Solaris and Windows. I 
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Empowering Application Development Teams 



Application Lifecycle Management 

Application Lifecycle Management (ALM) is becoming more and more 
popular with IT organizations that are trying to apply structure to their 
software development process. ALM comprises tools, technologies and 
processes to integrate disciplines such as requirements management, 
project planning and management, architecture and design, application 
development and deployment, software quality and change management. 
You too may be looking at implementing some form of application 
lifecycle management into your IT organization. 

Microsoft Visual Studio Team System can help 
with your IT Organization's challenges 

Visual Studio Team System provides ALM tools and guidance to help 
you streamline application development and empower your application 
development organization to work closely as an integrated team. 

Increase Project Success 

In today's rapidly changing, competitive business environments, there 
are many reasons why software projects may not be seen as successful. 
Project cost may be more than originally estimated, the project may 
take significantly longer than planned, or the project may not deliver 
the outcome that the business needs due to communication issues. 
Visual Studio Team System (VSTS) can help organizations align 
business demands with IT investments and manage their applications 



The State of the Art 

According to the Standish Chaos Report 1 cost overruns on software 
projects are down more than 100% thanks to an industry jocus targeted 
almost exclusively at reducing the cost oj software development. In the same 
report project success rates are shown to not have significantly improved 
over the last 10 years. In fact, less than 30% of projects are judged to have 
been successful. 

In a 2006 Forrester report 2 , Carey Schwaber states that 75% of an 

IT organizations spend is on software maintenance and operations leaving 

only 25% for new projects. 

In a 2006 Gartner report 3 the top four priorities for CIOs focused on 
moving the IT organization to focus on business value and better alignment 
with business strategies. 

"So, how do you move IT from being a cost center to being 
a strategic investment for the business?" 



throughout the IT life cycle, from initial project kick-off through 
development, deployment and on-going maintenance. 

Given constraints on time and resources, prioritizing application 
development projects that have maximum impact on the business is criti- 
cal. Using VSTS in combination with Microsoft Project Server and Mi- 
crosoft Project Portfolio Server helps organizations choose the right pro- 
jects to focus on, manage key resources and adjust to changing 
requirements over time. 



During application development, Visual Studio Team System helps 
project teams drive predictability, visibility, and control into their 
software development process through real-time reporting of key 
performance and quality metrics. This deep insight into project status 
gives teams the information they need to plan ahead, identify risks early 
and reprioritize work to meet business goals. Visual Studio Team 
System also includes the Microsoft Solutions Framework (MSF), a set 
of lightweight, customizable processes and best practices to provide 
process automation and guidance at every step of the software 
development life cycle. 

This combination of integrated project planning and management with 
advanced application development tools and process guidance helps 
project teams better control cost and time overruns and keep the project 
on track to meet the business need. It also helps teams continuously 
learn and improve their development process to deliver successful 
project outcomes. 

Improve Team Productivity 

People on software teams drive project success. Implementing the right 
process and tools to empower team members leads to greater success at 
an individual, team and organizational level. 

All teams are made up of individuals with their own work styles and 
preferences; Visual Studio Team System offers an approachable and 
intuitive experience for each member of the development team and allows 
team members to use the tools they are most comfortable with — whether 
that is Microsoft Visual Studio, Microsoft Office or third-party tools. 
Visual Studio Team System includes proven, integrated tools for project 
management, architecture and design, code analysis and performance and 
software testing that not only increase individual productivity, but also 
help the whole team work better together. Visual Studio Team System is 
designed so you can customize and extend it with your own internal tools 
and processes thus allowing you to construct an infrastructure that best 
meets the needs of your particular team. 

Team productivity is further enhanced with a single, integrated server for 
greater communication and collaboration between business, development 
and operations teams. Team Foundation Server enables great teams to do 
great work by recognizing that all of the work involved in a software 
project — requirements, source code, defects and builds to name a few — 
are closely related. Team Foundation Server provides visibility into team 
activity and traceability of actions throughout the software development 
process enabling decisions to be made based on real-time information 
from a single, comprehensive central repository 

Drive Software Quality 

Software quality issues are often a deciding factor in the success or 
failure of a project. Quality issues such as poor performance and 
security vulnerabilities can lead to increased project cost, extended 
deadlines or reduced application functionality. Visual Studio Team System 
enables teams to deliver quality early and often in the development 



1. Standish Group, 2004 Third Quarter Research Report, CHAOS Research Results 

2. Forrester, Performance Driven Development, Carey Schwaber, 2006 

3. Gartner, Growing IT's Contribution: The 2006 CIO Agenda 



lifecycle by offering built-in quality tools for everyone on the team. 
Application security performance and reliability can be increased through 
the use of advanced code, performance, load testing and security analysis 
tools which help teams catch software defects and issues earlier in the 
development process. The comprehensive, multi-dimensional reporting 
and analysis provided by Team Foundation Server also enable teams to 
ensure that all software is adequately tested. 

In addition to tools, Software Factories and guidance, provide a faster, less 
expensive, and more reliable approach to application development. They 
significantly increase the level of automation in application development, 
applying the time-tested pattern of using visual languages to enable rapid 
assembly and configuration of proven, framework-based components. 
Together, this process guidance and tooling helps to ensure that all team 
members are working in harmony and developing within a pre-defined set 
of best practices. 

Extend Visual Studio Team System through 
the addition of official Partner Products 

In addition to all of the functionality included within Visual Studio Team 
System there are more than 450 lifecycle tools and products from over 235 
Visual Studio Industry Partners that further extend the capabilities of 
Visual Studio Team System to ensure that all needs of your development 
team are met. 

Moving ALM forward, announcing integration 
of the database into the application lifecycle 

Traditional ALM tools and processes have failed to address the importance 
of databases in most application development projects. In the fourth 
quarter of 2006, Microsoft will release the fourth member of Visual Studio 
Team System called Visual Studio Team Edition for Database Professionals. 
This new product directly addresses the need for the database to be a first 
class member of the application development lifecycle. Visual Studio 
Team Edition for Database Professionals provides tools to help manage 
change by placing the database schema under source control to help 
reduce the risk involved with changes as well as allowing you to easily 
compare the source controlled version against test and production systems 
and automating the creation of change scripts. Changes to your database 
can be streamlined thanks to tools that allow you to automatically cascade 
changes throughout the database schema in a controlled and consistent 
manner. 

Visual Studio 2005 Team Edition for Database Professionals also allows 
you to create full unit tests for your database schema that can be run 
independently or can be added to the full application test suite. The fully 
extensible unit test functionality allows complex tests to be created in 
either T-SQL or managed code and the new Data Generation functionality 
allows you to create repeatable and meaningful test data that mimics data 
found on the production servers ensuring that the database tests provide 
appropriate results. 



People Ready 

Companies excel when they empower their people to drive the business 
forward. 

Strategies, organization, motivation, and leadership all set the stage for 
business success. But to see results, you also have to give your people the 
right tools, information, and opportunities — because success ultimately 
comes down to your people. We call a business that fosters a winning 
environment a "people-ready business." 

Microsoft Visual Studio Team System can help your IT organization 
become a People Ready business by providing tools, process and 
guidance to empower every member of the team to turn data into 
insight, transform ideas into action, and turn change into opportunity. 
Through a concept we call "Trustworthy Transparency", Visual Studio 
Team System provides an infrastructure that empowers and enables all 
members of your IT organization to contribute to business success as 
part of an integrated team. 

When individuals realize their potential, your company realizes its 
potential. That realization is what separates what we call a "people-ready" 
business from an ordinary one. 

For More Information 

Find out more about how you can help your software teams improve 
project success, increase productivity and deliver high quality business 
applications. For more information about Visual Studio Team System contact 
your local Microsoft representative or Microsoft Partner and learn more at 
msdn.microsoft.com/vsts or www.microsoft.com/business/peopleready. 
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CollabNet Gives Developers a Wiki 

Update of Enterprise Edition focuses on workspaces, ALM and reporting 



BY P.J. CONNOLLY 

The topic: Collaboration. Talk 
amongst yourselves. 

CollabNet is hoping to make 
talk — and work — between 



developers easier with the 
release last month of a wiki- 
based editor in an update to its 
enterprise collaborative devel- 
opment environment. 



The new release aims to give 
developers new ways to share 
best practices and content 
across projects, while allowing 
development managers to 



adopt ALM (application life- 
cycle management) concepts at 
a comfortable pace. 

CollabNet Enterprise Edi- 
tion 4.5 includes a new editor 
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based on wiki technology that 
allows developers to populate 
project pages with dynamic or 
static content. Project man- 
agers can quickly lay out and 
fill in the pages and tabs that 
constitute the project work- 
space, which acts as a central 
reference point for integrated 
core development tools such as 
communications tools, issue 
trackers or a version control 
system such as Subversion, the 
open-source version control 
project sponsored by Collab- 
Net. At the same time, man- 
agers can define an ALM 
approach and a development 
process to the degree they 
deem necessary. 

The new release also offers 
development managers as well 
as developers flexibility and 
portability in the use of ALM- 
focused project templates. 
Once again, a baseline template 
acts as a blueprint to make cre- 
ating an ALM -based project 
simple from the start using 
industry-standard processes 
such as agile or RUP (Rational 
Unified Process). Defined pro- 
ject elements can be exported, 
then applied as an ALM tem- 
plate to new projects, and man- 
agers can define templates as 
being industry standard, propri- 
etary or sourced from a third 
party such as CollabNet. 

Reporting is expanded in 
CollabNet Enterprise Edition 
4.5, including status reports 
that can focus on points in time 
or help determine trends across 
time. New query capabilities 
allow filtering at domain, pro- 
ject and user levels while 
respecting permissions and 
security roles with regard to 
projects and software assets 
during transfer to other partici- 
pants or projects. 

Finally, the new release of 
CollabNet Enterprise Edition 
improves its integration with 
external authentication domains 
including Microsoft Active 
Directory, adds Web services- 
based APIs for the company's 
Project Tracker and Subversion 
packages, and out-of-the-box 
bidirectional connection to 
external systems such as Mer- 
cury Quality Center. 

CollabNet Enterprise Edi- 
tion 4.5 works with Apple 
Safari, Microsoft Internet 
Explorer, Mozilla Firefox and 
Netscape browsers. I 
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Oracle Reveals Developer Tools, 11 g Beta 



New online resource for developers tops offerings unveiled at OpenWorld conference 

should also bear fruit within the 



BY ALEX HANDY 

SAN FRANCISCO — Oracle 
lifted the curtain on its future 
plans for developers at its annu- 
al conference held here late last 
month, including a new refer- 
ence Web site for Oracle devel- 
opers to find and share their 
code. The company also 
demonstrated its plans for the 
future of the Oracle ecosystem 
by unveiling the first public beta 
of Oracle llg. 

Oracle also announced new 
components for its Fusion mid- 
dleware. One of these was the 
Oracle Developer Depot, which 
watches internal repositories 
and allows developers to search 
for new code relevant to their 
work. Once found, Java code 
can automatically be down- 
loaded and installed in the prop- 
er locations. The company also 
introduced a suite of administra- 
tion and governance tools, all of 
them Web-based. These include 
runtime and business policy 
administration facilities, and a 
general update to the company's 
BPEL Process Manager. 

SUITE AT THE CENTER 

The centerpiece of the new 
Fusion announcements, how- 
ever, was the Oracle WebCen- 
ter Suite. This portal-like Web 
offering includes facilities for 
SIP-based VoIP communica- 
tion, business wiki creation, 
forum style discussion groups, 
and a design environment for 
building SOA mashups on the 
fly. The WebCenter Suite rep- 
resents the realization of SO As 
potential, said Thomas Kurian, 
senior vice president of devel- 
opment for middleware plat- 
form products, by offering a 
single workspace in which to 
access services and business 
intelligence. 

WebCenter Suite will run on 
top of the Oracle Application 
Server Enterprise Edition and 
cost US$50,000. Oracle antici- 
pates that the suite will be ready 
for sales before the end of 2006. 

The WebCenter Suite is the 
first of an entire line of new 
Web-based tools for adminis- 
tration, business intelligence 
and application construction. 
Oracle's future plans, said 
Charles Rozwat, the company's 
executive vice president of serv- 
er technology, are heavily tied 
to Web 2.0 concepts. He 
demonstrated many of the Web 



interfaces from the Oracle llg 
beta release, offering a view of 
corporate mashup creation. 

Elsewhere at the show, Ora- 
cle announced new partnerships 



with Adobe Systems to create 
rich client application develop- 
ment facilities for enterprises 
seeking to use both AJAX and 
Adobe's Flash. The agreement 



Fusion Application space, where 
Oracle currently supports only 
AJAX and Java for application 
development. The company did 



not announce a time frame for 
the availability of Flash tools for 
use inside of Oracle's environ- 
ments. However, when Flash 
does finally become available to 
Oracle developers, the compa- 
ny has said it will function with 
current generation portal tools 
as well as Oracle's future 
Fusion products. I 
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Red Gate Addresses Database Refactoring 



BY P.J. CONNOLLY 

Developers and database admin- 
istrators have a new tool to help 
them improve database design 
on instances of Microsoft SQL 
Server incrementally, without 



affecting the database s function- 
ality. SQL Refactor from Red 
Gate Software is a plug-in for 
SQL Server Management Studio 
that the company claims is the 
first of its kind for SQL Server. 



Database refactoring is a rel- 
atively new concept, first 
explored in a 2002 article by 
Scott Ambler, data guru and 
IBM practice leader. Essentially, 
the term covers simple changes 



to a database schema that do not 
affect behavioral and informa- 
tional semantics but yield an 
improvement in the design. This 
makes database refactoring 
more complex than code refac- 
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toring, as the latter merely has to 
retain behavioral semantics. 

Database refactoring covers 
both the data structure and the 
functionality of the database; 
stored procedures and triggers 
have to be updated at the same 
time the database schema is 
being tweaked. 

SQL Refactor offers its users 
a number of tools and features 
meant to make refactoring easi- 
er, including one-click uppercas- 
ing of keywords, and at least 30 
prebuilt formatting and layout 
options. Users can use SQL 
Refactor to summarize complex 
or lengthy queries and scripts, 
for ease of understanding; it can 
also encapsulate script portions 
into separate stored procedures, 
if modular code is an objective. 

The summarizing "is basically 
for database developers who 
have to handle a lot of legacy 
code... most of them just get a 
large script and they need to 
quickly understand what it 
does," project architect Andras 
Belokosztolszki noted. "It sort of 
navigates them through the 
code, shows the tree structure of 
the code and gives a high-level 
overview of it." 

The new tool also includes 
smart object renaming that 
automatically cleans up depen- 
dent references in stored proce- 
dures, tables, user-defined func- 
tions and views. Users can also 
apply smart renaming to table 
and view columns, as well as 
function and procedure para- 
meters. "We [start with] the 
database object, follow all the 
references, and provide you 
with a script that modifies the 
name of the object you want to 
rename, and modifies the name 
of the reference object as well," 
said Belokosztolszki. 

SQL Refactor allows users 
to split a data table in two, while 
creating a separate referential 
integrity table for validation. It 
also includes a sort of "garbage 
collector" that identifies unused 
parameters and variables, help- 
ing developers and DBAs keep 
their code clean. 

Plugging SQL Refactor into 
SQL Server Management Stu- 
dio just made sense; according 
to Belokosztolszki, at the time 
its development started, more 
than half of Red Gate's cus- 
tomers were already using the 
Microsoft tool. "It allows us to 
use context menus in the object 
explorer," he noted. I 
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Caspio Frees Web-Based Database Apps 

Bridge SOHO builds and hosts database applications for free 



BY ALEX HANDY 

Caspio has eliminated the toll 
on its bridge. The company's 
Web-based database-driven 
application construction frame- 
work, Bridge SOHO, is now 
available for free to users. 

The free version does not 
include support for Web ser- 
vices and forces the placement 
of a Caspio logo in the result- 
ing embeddable Web object. 
With SOHO, developers are 
restricted to building graphi- 
cal interfaces to databases, 
such as online retail shopping 
carts or polling software. The 
full version of the tool offers 
methods to expose these appli- 
cations as Web services, and to 
integrate data streams from 
external services as well. 

Frank Zamani, CEO of 
Caspio, said that enterprises 
that upgrade to the full version 
of Caspio can opt to host the 
Caspio framework on their 
own servers. For the rest of 
the world, however, Caspio 
applications are created and 
hosted entirely on Caspio's 
servers. Developers use an 
AJAX-based point-and-click 
interface to construct their 
applications, then insert a 
small snippet of code into 
their own sites that reference 
the end product. The whole 
process is similar to that of 
embedding Youtube.com con- 
tent or other externally hosted 
data within an HTML docu- 
ment, said Zamani. 

A FAMILIAR FACE 

"We copied Microsoft Access 
as much as we could in the user 
interface," said Zamani. The 
reason for this, he said, is that 
most of his company's cus- 
tomers are already familiar 
with building Access-based 
database applications. "People 
create their applications in this 
interface using the point-and- 
click wizard, and at the end 
they say they want to deploy 
this on their site. Then it gives 
them three or four lines of 
code and they paste that into 
their Web site. All interactions 
are forwarded to our servers," 
said Zamani. 

Caspio also hosts the data- 
bases that drive these applica- 
tions. The company uses 
Microsoft SQL Server to han- 
dle this data. Enterprise cus- 
tomers that upgrade to the full 



version of Caspio Bridge can 
step outside of the online con- 
struction tool by pasting in 
their own Web services code. 
On the other side of the coin, 



applications built with the full 
commercial version of Caspio 
Bridge can also be exposed as 
Web services themselves. 
Aside from these Web ser- 



vices facilities, said Zamani, 
Caspio Bridge SOHO offers 
the entire range of functions 
offered by the full commercial 
edition. That means users can 



automatically translate their 
applications into other lan- 
guages, such as French and 
German. In addition, Caspio 
Bridge applications support 
SSL encryption and numerous 
styles for customizing the look 
and feel of the end product. 
Caspio's free service can be 
tried out at www.caspio.com. I 
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Dialing Into 

Verizon's 

Development 

CIO Shaygan Kheradpir talks 
about change, testing, security 




BY ALEX HANDY 

Shaygan Kheradpir oversees all of the 
varied development projects at Verizon, 
where he is chief information officer. 
Kheradpir has been with Verizon since 
2000, when his former employer, GTE, 
was snatched up by what was then Bell 
Atlantic. Since then he has overseen the 
rollout of many new services and prod- 
ucts, from DSL and wireless phones, to 
internal customer service and billing 
platforms. His current pet project is the 
nationwide deployment of "FIOS," the 
company's fiber-to-the-curb service. 
That program seeks to serve up fiber- 
optic Internet connections to homes 
across the United States. 

We caught up with Kheradpir in mid- 
October to discuss what goes into creat- 
ing software at Verizon. 

SD Times: How do you manage change? 

Shaygan Kheradpir: That's a question at 
many levels. We obviously have hun- 
dreds of changes going in every week- 
end — we try to make our changes on the 
weekends like everybody else. Basically 
what happens is, like any other big soft- 
ware shop, we have very elaborate 
change management processes. There 
are a couple of things we've institutional- 
ized: One of them is that if there is any- 
thing that is going in that would have 
major service implications, or major 
product implications, before we actually 
flip the switch, they would have to ask 
me for my go-ahead. 

Come Thursday I start getting e-mails 
saying, "Please approve this." I look at it, 
and if there's something I see that I need 
to drill down more on before I let it go in, 
I do. Nothing can go in without all the 
security tests that our security team has to 
do on the system. There's a sign-in sheet 
on that. 

How do your developers handle security? 
We have a team here that does this. They 
review a program before it gets started. 
They review it from an information secu- 
rity perspective, and from a design per- 
spective. Then, the developers go and 
do the actual development with our 
approved set of tools and methodologies. 
Then, when the software comes out, 
there's another team that scans it for vari- 
ous security issues. We bookend it on the 
front end with design reviews, then on the 
back end with application scans. 
How do you coordinate all your teams? 
We have a philosophy of having small 



teams, not large teams. But there's not 
high levels of interdependency between 
these teams, so the teams can go at it as 
independent teams. As the size of the 
teams grow, productivity starts declining 
and overhead starts increasing. That's one 
of the reasons we were one of the first 
ones to jump on the Web services band- 
wagon: because that methodology suited 
us. Then, as the teams get closer to com- 
pletion, systems integration kicks in 
between them. We don't like large mono- 
lithic development projects. 
How do you handle integration? 
I can tell you integration testing is where 
a lot of energy goes in. That is because 
the systems are becoming so intricate and 
so sophisticated. ... You can do so much 
during design, but at the end of the day 
you have to get it into an integration 
regime. We do spend a noticeable 
amount of time on systems integration, 
but that's more on the systems integration 
testing. It's less of "the thing doesn't 
work" and it's more that we have to make 
sure it works perfectly. It's not that I can't 
get the flow to work; it's that you have to 
have very high levels of flow-through and 
high levels of performance on tight con- 
ditions, pushing the whole system to the 
boundary conditions to see how the sys- 
tem behaves at the edges. Things that 
would work with smaller volume don't 
work for us. We push everything to the 
edge of the design. It's that kind of thing 
we really focus on. [We test] when every- 
thing is together under massive load, and 
under thousands of conditions. 

When we first launched FIOS, the 
first instantiation of the platforms had 
over 100,000 pages of detailed require- 
ments. This is not a trivial thing. This is 
business rules on top of business rules on 
top of business rules. Because at the end 
of the day, when the customer orders 
FIOS, you still have to run the bills. 
If you could say one thing to every tools 
company out there, what would it be? 
I would say high performance [and] sim- 
plicity are the two things we need most. 
How do you handle open source? 
We do look at it on a couple of levels. We 
look at it very consciously: This stuff is 
not trickling in. We look at it from a tech- 
nology perspective: What is a particular 
open-source piece of software ready for? 
Where are different classes of applica- 
tions, from simple computational, to very 
high-level transactions and everything in 
continued on page 20 ► 
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Report: Developers To 
Exceed 17M by 2009 



< continued from page 1 

the historically esoteric developers who 
are writing code to achieve some soft- 
ware-related objective. Viewed in that 
light, Hoffman said 17 million seems 
aggressive. 

Laura Didio, research fellow of appli- 
cation infrastructure and software plat- 
forms at Yankee Group, said her compa- 
ny also thinks APAC countries will 
overtake Europe, the Middle East and 
Africa (EMEA) countries, albeit by 
the first half of 2008, 
because software devel- 
opment is a priority in 
the APAC nations. That 
focus, combined with the 
sheer size of China and 
India, translates to the 
increased numbers of 
APAC developers. 

SUPPLY AND DEMAND 

The U.S. has a long history 
of software development 
innovation; however, com- 
petition is growing global- 
ly. Over the past few years, 
U.S. companies have gen- 
erally kept core develop- 
ment tasks in-house and offshored rote 
development tasks such as testing and 
maintenance. 

"There are clearly surpluses for less 
skilled developers, which are rapidly 
moving offshore to India [and] driven by 
demand largely in North America," said 
Tech Strategy's Gilbert. "The converse is 
that we really do have a talent shortage of 
very specialized skills — not for vanilla 
Java programmers but for application 
architects." 

One of the main reasons software 
development has been moving offshore is 
that labor is cheaper in many other coun- 
tries than it is in the United States. How- 
ever, the cost advantage in some regions is 
diminishing, which creates opportunities 




There is a talent shortage of 
specialized skills, says Tech 
Strategy's Gilbert. 



for cheaper labor in other countries. 

"The labor cost arbitrage with low-cost 
countries still exists, but it is diminishing 
in India, which is why you're seeing the 
rise of other countries [such as] Ireland, 
the Philippines and even China, despite 
language issues," said Gilbert. "Ultimate- 
ly, this won't be just about labor costs. The 
quality of the engineering talent coming 
out of the key universities in these coun- 
tries will determine just how high up the 
ladder of economic value-add they can 
move. And it's clear they 
won't stop at mainte- 
nance." 

Yankee Group's Didio 
agrees the United States 
will strongly influence the 
rise of software develop- 
ment in other countries, 
but the issue isn't out- 
sourcing, she said. It's the 
desire to stay competitive 
and the drive among for- 
eign nationals to secure 
coveted Hl-B visas. 

"Make no mistake: 
Engineers around the 
globe aspire to come to 
the U.S. and work for top 
software firms like Microsoft, Oracle 
and Google," she said. "Almost every 
U.S. -based high-technology firm has a 
software developer personnel roster that 
is straight out of the [United Nations]. 
U.S. and [APAC] colleges and universi- 
ties will continue to churn out software 
developers in record numbers." 

John Andrews, CEO of Evans Data, 
said other countries are behind because 
their developers aren't as sophisticated 
yet. Foreign developers have less experi- 
ence than U.S. developers. In fact, the 
average U.S. developer is 12 to 15 years 
older and has more experience than his 
or her APAC counterparts. 

"The [sophistication] gap will close in 
about three to five years," he said. I 



'BAM!' Cape Clear Cooks Up Monitoring 



BY ALEX HANDY 

With all that data flying through its 
enterprise service bus, it was only natur- 
al to want to analyze it all. So on Nov. 13, 
Cape Clear Software added business 
activity monitoring (BAM) support to its 
flagship ESB. 

Cape Clear now offers Web-based 
dashboards to view the activities taking 
place across its ESB, according to execu- 
tive vice president of products David 
Clarke. The inclusion of BAM facilities in 
the ESB, said Clarke, is not the tradition- 
al path for monitoring a service-oriented 
architecture deployment, but it is one 
that makes sense. "BAM has traditionally 



been something that sits on the side," 
said Clarke, adding that most developers 
put in BAM after their deployment and 
testing is complete. With BAM integrat- 
ed into the ESB, however, monitoring 
can take place throughout the entire 
SOA creation process. 

Clarke said that his customers have 
been interested in finding a position from 
which to monitor their entire SOA stack. 
"Increasingly, they're interested in getting 
more information out of what's going 
on, what state the business processes are 
in — are they healthy, are they not 
healthy?... They want to get business level 
metrics out of their ESB," said Clarke. I 
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Dialing Into Verizon's Development 



< continued from page 18 

between? Where does this 
open-source best fit at this time 
in its maturity cycle? The scale 
of Verizon pushes software to 
the edge. Once we've got that 



angle on it from a capabilities 
perspective, if we're going to 
use it for an area that's mission- 
critical, where is the support 
infrastructure coming from? 
Lastly, the issue is: What is 



the intellectual property aspect 
of this? Is there any intellectual 
property issue, or is it totally in 
the safe zone of IP? We don't 
want to go and deploy something 
to thousands of people, have 



great software and great support, 
but then have an IP issue. 
How do you maximize uptime 
when coding? 

It goes back to systems integra- 
tion testing. We do full volume 
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/n software Red Carpet 
Subscriptions 

by /n software 

/n software Red Carpet™ Subscriptions give 
you everything in one package: communica- 
tions components for every major Internet 
protocol, SSL and SSH security, S/MIME 
encryption, Digital Certificates, Credit Card 
Processing, ZIP compression, Instant 
Messaging, and even e-business (EDI) 
transactions. .NET, Java, COM, C++, Delphi, 
everything is included, together with per 
developer licensing, free quarterly update CDs 
and free upgrades during the subscription term. 
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DevTrack 6.1 

Powerful Defect and 
Project Tracking 
by TechExcel 

DevTrack, the market-leading defect and project 
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and automates your software development 
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workflow and process automation, seamless 
source code control integration with VSS, 
Perforce and ClearCase, robust searching, 
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administration and integration reduces the cost 
of deployment and maintenance. 
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LEADTOOLS 

Raster Imaging Pro for .NET 

by LEAD Technologies 
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GDI+ with LEADTOOLS. Support for over 1 40+ 
file formats including TIFF, JPG, J2K*, PDF*, 
and GIF using various compression schemes 
like JPEG, JPEG2000, LZW, CCITT G3/G4, 
and CMP. Scan, capture, 200+ image process- 
ing filters, high speed display (resize, rotate, 
quality controls), and much more. Lots of 
sample source code to get you started quickly! 

^Requires plug-in 

programmers.com/lead 
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by Contour Components 

ContourCube 3.0 is a high-performance OLAP 
component for interactive reporting and data 
analysis. It offers embeddable OLAP technology 
for all Windows and web applications based on 
relational data. Application powered with 
ContourCube allows users to create numerous 
nice-formed screen and printable reports in 
a minute. 

• Embeddable Business Intelligence 

• Zero report coding 

• Self-service interactive reporting 

• Royalty free 

programmers.com/contourcomponents 
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AIIFusion® ERwin® Data 
Modeler r7 Plus 1 Year 
Enterprise Maintenance 

byCA 

Introducing AIIFusion® ERwin® Data Modeler 
r7, rising to the challenge of successful 
information management starts with optimal 
database design. Enables visualization of 
complex data structures, inventory informa- 
tion assets and establishes enterprise-wide 
standards for managing data. Automates the 
design process and synchronizes the model 
with the database design. Use this product 
to design transactional systems, data marts 
and data warehouses in one integrated 
environment. Enhanced "out of the box" 
support for Oracle 10g/9i. 

c-tree Plus® 

by FairCom 

With unparalleled performance and sophistication, 

c-tree Plus gives developers absolute control over 

their data management needs. Commercial 

developers use c-tree Plus for a wide 

variety of embedded, vertical market, 

and enterprise-wide database applications. 

Use any one or a combination of our flexible 

APIs including low-level and ISAM C APIs, simplified SQL 

C and C++ database APIs, SQL, ODBC, or JDBC. Available! 

c-tree Plus can be used to develop single-user and 

multi-user non-server applications or client-side Paradise # 

application for FairCom's robust database server FO 1 1 3 1 

— the c-treeSQL™ Server. Windows to Mac to $q /-(\ 99 

Unix all in one package. OD\J» 
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• Highlights hits in XML, HTML and PDF, while 
displaying links and images; converts other files 
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dynamic content) to searchable database 
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.NET languages. 
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PowerBuilder 10.5 
Enterprise Edition 

by Sybase 

Introducing PowerBuilder 1 0.5, the newest 
release of the premier 4GL RAD tool that 
accelerates your application development. 

New features include: - 

• User Interface with new icons, menus, toolbars 

• Rich text control and datetime picker control 

• Treeview, a new DataWindow® presentation style 

• DataWindow functionality, including autosize 
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• Enhanced Web Services implementation 

programmers.com/sybase 

SlickEdit vll 
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I SlickEdit is the multi-platform, multi- 
language code editor that enables 
power programmers to create, navigate, 
modify, and debug code faster and more 

j accurately. SlickEdit has the capacity to 
handle large code bases and challenging 
programming tasks. 

i Customize SlickEdit to match your coding 

: style. For the ultimate in extensibility, 

; use Slick-C to write your own macros. Windows Edition 

Paradise # 
M39029J 

$ 275." 

programmers.com/slickedit 
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"Bottom line: dtSearch manages a terabyte of 
text in a single index and returns results in 
less than a second. " — InfoWorld 



Single Server 
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• PDF export without additional 3rd party 
tools or printer drivers 

• Nested tables, headers & footers, text frames, 
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• Ready-to-use toolbars and dialog boxes 
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Xtreme SuitePro 2006 

by Codejock Software 

With Xtreme SuitePro 2006 for ActiveX/COM you 
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Individual components: 

• Xtreme CalendarPro 

• Xtreme CommandBars 

• Xtreme DockingPane 

• Xtreme PropertyGrid 
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Multi-Edit 2006 

by Multi Edit Software 

Speed, depth, uncompromising program 
access, Multi-Edit 2006 provides a great 
tool for your programming arsenal. Search 
with definable filters & Perl 5 Regular 
Expression support. BCDiff by Scooter 
Software powers up ME's file compare 
utility. Other features are integration 
with ImageMagic, Delphi 2006, C++ 
Builder 2006, Visual Studio 2005, 
code beautifying support for ASP, C/C++, 
C#, CMAC, CSS, HTML, Java, JavaScript, 
JSP, PHP, Pascal/Delphi, Perl & Python. 
Handle 50+ languages + Ruby. 
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testing. It's quite time-consum- 
ing in the sense that we test with 
our databases full. You would 
think, what's the big deal? But to 
fill up the database, the whole 
thing has to be consistent. That's 
millions and millions of cus- 
tomers' data staged across the 
system. Having a million-row 
table is different than having a 
trillion-row table. We run all the 
branches with all the automation 
tools we have, like WinRunner. 

Then we run into what we 
call destructive testing. That is 
where we ask the developers to 
show us where the breakpoint 
of the system is. It's not good 
enough to say it works; we have 
to know where it breaks. 

The last one is my favorite 
because this is one of the first 
software projects I ever did. We 
call it "Gorilla Testing." There 
are thousands of humans press- 
ing the enter key at the same 
time. We try to get a large body 
of people in it — they could in 
some cases not be working on 
the program. Someone blows 
the whistle, and for the next cou- 
ple of hours, we bang on it as 
hard as you can as a human. We 
all get together again and say, 
"What did you find?" Then the 
list shrinks. Most of our systems, 
mind you, are online systems 
with thousands of customer ser- 
vice reps and thousands of tech- 
nicians and thousands of cus- 
tomers banging on it. I find that 
in the history of software devel- 
opment we've done, until you do 
the Gorilla Testing, the thing is 
not ready because humans have 
a nasty habit of breaking systems. 
What is the most useful tool in 
your development shops? 
I would say our software devel- 
opers. My experience has been 
that tools come and go, right? 
You always have a next genera- 
tion that's better, but the con- 
stant here is having great soft- 
ware developers makes all the 
difference. You can give them 
really rudimentary tools, and 
they do a great job for you. If 
you have mediocre developers, 
you can't fix that with great tools. 
I don't remember any great soft- 
ware innovation that was done 
by more than one or two people. 
Or with any specific tools. It's 
always one or two people crank- 
ing with not a lot of stuff. 

So, if you're asking me, it's 
great software development 
people. They could be great 
operating systems people, great 
testers, great requirements 
people. ... For us, that's the dif- 
ference. You can always buy 
tools, but you can't buy talent. I 
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I thought application security 
was someone else's problem. 

Until last night's 
SQL injection attack, 







i ! m 



///./■ 






Hi ': 



April 16-17, 2007 | San Mateo Marriott 
San Mateo, CA 



Ba^ Am* 



SOFTWARE 
SECURITY 
SUMMIT 




AH/ ItitdhLEuEjiiL 

Mnrfi unr? InrtfriTySparrGE-n- 



Leain Ho wtd Guild 
Secure Software 

Teslt lie Security 
erf Your Software 

U nde rsta nd S uftwa re 
Security Vu I n era bi lilies 



Implement a Layered Approach 
ta Application Security 

Architect Security Into the 
Develop monlLifG Cycle 




www.S-3con.com 



www.sdtimes.com 



Software Development Times . November 15, 2006 . 



NEWS 



23 




VSTO 2005 SE Gain Developer Acceptance? 



< continued from page 1 

and MSDN subscriptions. The 
VSTO 2005 SE release allow 
developers to build applications 
based on the 2003 versions of 
Word, Excel, Outlook, Power- 
Point and Visio, plus the 2007 
editions of those same products, 
along with InfoPath 2007. 
Specifically, VSTO 2005 SE will 
let developers make use of the 
new Ribbon interface, custom- 
task pane and Outlook forms of 
Office 2007. 

"Application add-ins [such as] 
Outlook and Infopath, [which] 
were previously supported, have 
been enhanced... and this is a 
great and long-overdue request," 
said one tester, Mike Walker, 
development director at FWBS, 
a U.K. legal-software-solution 
provider (and Microsoft Gold 
Certified Partner). 

In addition, "Cypress effec- 
tively makes the developer expe- 
rience considerably more pro- 
ductive, in providing a wrapper 
to the core Office interfaces 
without the complexities in- 
volved in crossing the COM/ 
.NET boundaries," Walker said. 

"Office as a platform has 
been strategic for my firm for 
many years, and with the transi- 
tion of our original product to 
fully managed code, the inter- 
faces involved in the past are 
very painful," Walker said. "With 
the Cypress release, we're now 
getting the tools we need to help 
deliver in a simple fashion the 
plumbing to Office to allow us to 
get on with the LOB [line-of- 
business] functionality needed 
by our customers." 

ACKNOWLEDGED LIMITATIONS 

There are some shortcomings of 
the product, as Microsoft offi- 
cials have acknowledged. For 
one, there is no visual designer 
customized to work with the 
new Office 2007 features. 
Testers are well aware of that 
limitation, said Charles Stein- 
hardt, CTO at Venture Archi- 
tects, a New York City provider 
of startup-focused services. 

"I would like to see much bet- 
ter designer support for creating 
interfaces and events," Stein- 
hardt said. "No offense, but 
Microsoft is reminding me of 
how old I am! I feel like its a time 
warp to 1993 using Microsoft 
C++ and hand-coding toolbar 
resources. What is up with that?" 

VSTO 2005 SE also does not 
support document-based add- 
ins for Office 2007 applications, 



even though the currently ship- 
ping version of VSTO does — 
but for Office 2003 apps only. 

K.D. Hallman, general man- 
ager of Microsoft's Office Plat- 
form Developer Tools group, is 
touting the upcoming VSTO 



"Orcas" as the version of the tool 
that will provide these kinds of 
capabilities. VSTO Orcas is 
designed to likely sync up, tim- 
ing-wise, with the Orcas version 
of Visual Studio (expected to 
ship in 2007). 



VSTO Orcas will accept add- 
ins from Excel 2007 and Word 
2007, feature a visual designer 
for the Office 2007 Ribbon, Task 
Pane and Outlook forms region, 
and add support for ClickOnce 
deployment, Hallman said. 



"Workflow is an area where 
we really need development 
tools," she added. "Right now, 
it's pretty much unapproachable 
for developers."! 

Mary Jo Foley, a contributing 
writer to SD Times, has special- 
ized in covering Microsoft for 
more than a decade. 
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Oracle Expands Fusion With Web-Based Tools 

Also works with IBM on WebSphere application server support 



BY ALEX HANDY 

SAN FRANCISCO — Oracle 
demonstrated its Web-based 
policy, runtime governance, 
and business process manage- 
ment tools for the Fusion Mid- 
dleware platform at its annual 
OpenWorld conference here 
last month. The company also 
announced support agreements 
with IBM that ensure the 
Fusion platform will function 
with WebSphere's application 
server. 

That interoperability is key 
to the Oracle Fusion strategy, 
said Thomas Kurian, senior 
vice president of development 
for middleware platform prod- 
ucts at Oracle. "We've certified 
128 products with interoper- 
ability with our middleware 
suite. We support five different 
types of messaging systems and 
four types of object-relational 
mappings. This allows our mid- 
dleware to be adopted quickly 
and easily by our customers," 
said Kurian. 



Charles Abrams, research 
director at Gartner, pointed 
out that, though IBM and 
Oracle compete, their cooper- 
ation is a strong move toward 
success for both firms. "To 
be quite honest, I feel that if 
you look at who their main 
competitor is — SAP — I don't 
see the same level of commit- 
ment from IBM. IBM and 



Oracle seem to be cooperating 
more to support Oracle appli- 
cations running on Web- 
Sphere than SAP and IBM are 
cooperating on WebSphere," 
said Abrams. 

Abrams said that he pre- 
dicted the shift to SOA envi- 
ronments four years ago, and 
he made a new prediction for 
the future of enterprise appli- 



cations. "I think we need to 
break away from these artifi- 
cial processes — like CRM, 
ERP and supply chain man- 
agement — and move toward 
real processes for machines 
and human beings. In that 
sense I would advise Oracle 
customers or clients to look at 
[Fusion] as a way of allowing 
them to do what they need to 



do in a way that's cheaper, 
standardized and more open," 
said Abrams. He added that 
Oracle's new push toward 
enabling Web 2.0 style 
mashups through its Fusion 
platform puts the company in a 
good position for what he pre- 
dicts as a coming shift toward 
AJAX, REST and RSS-based 
enterprise applications. I 



Selling SOA, Not Just Software 



< continued from page 3 

sees it, is Iona. It's a conspicuous 
absence since the company's his- 
tory is grounded in Common 
Object Request Broker Archi- 
tecture, or CORBA, which aids 
in mainframe integration issues 
and is arguably the precursor to 
SOA. Joe McKendrick, a consul- 
tant and SOA blogger for 
ZDNet, said that the Dublin, 
Ireland-based company needs to 
evolve beyond its heritage of 
mainframes, which are fast giv- 



ing way to a world of data centers 
built on cheap clusters of com- 
modity x86 servers. 

Iona CTO Eric Newcomer 
cited progress in his company's 
Artix microkernel core for SOA, 
including the Artix Orchestra- 
tion plug-in, which can be used 
together with the Artix runtime 
to work across .NET, Java EE 
and other platforms. 

To those who might write off 
his company's future, Newcom- 
er pointed out that Iona has 



achieved five straight quarters 
of revenue growth, "with sales 
of Artix in particular up more 
than 100 percent compared to 
last year." Those who want to 
write off SOA as an endlessly 
boring consideration of just 
what makes for a good ESB — 
dedicated message bus or net- 
work itself for transport? — 
might occasionally take note, 
just for humor's sake, of what 
the SOA marketers are doing 
these days. IBM's YouTube 



experiment hit a small speed 
bump when someone managed 
to insert lots of porn-graffiti 
into one of the animated clips. 

The clip, cleaned up now 
though still featuring the same 
attractive model, is available 
again on YouTube. After being 
served up several thousand 
times, what kind of eager busi- 
ness- and tech-sawy responses 
has it evoked? 

None, actually, though there 
is this, from YouTube user 
"essive": "I didn't know SOA 
came with cute women and 
wardrobes." I 



AmberPoint 
Fires Its Agents 

Runtime governance tool now does 
agentless monitoring and administration 
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BY ALEX HANDY 

AmberPoint has been re- 
worked from the inside out. 
Previously, this SOA runtime 
governance and management 
tool required software agents 
to be installed on all of the 
machines in an SOA deploy- 
ment, but the company of the 
same name released a new 
version in late October that 
eliminates the need for these 
agents. 

Ed Horst, vice president of 
marketing at AmberPoint, said 
that the removal of the agents 
was performed at the behest of 
customers. "Once a service is 
up and running, most shops 
prefer to never touch it again," 
said Horst, explaining why his 
company's customers were 
excited about the change in 
architecture. 

AmberPoint is now respon- 
sible for building facilities into 
its tool that can recognize and 
speak to the many services in an 



SOA deployment. As of this 
writing, that included only two 
third-party products: the F5 
load balancing appliance and 
Iona Technologies' ESB. 

But Horst said that many 
more applications and appli- 
ances will be added to that list. 
"Some of the work is being 
done by these vendors, so it's 
their announcement to make, 
not ours," said Horst, explain- 
ing why AmberPoint wasn't yet 
able to formally announce other 
supported tools. 

Horst did, however, hint 
that popular software such as 
WebSphere, WebLogic and 
Microsoft BizTalk would be 
supported by the next quarter. 
Prior to that announcement, 
AmberPoint should also begin 
supporting SAP applications. 

At its core, AmberPoint is 
an administration tool for 
maintaining and evaluating 
developer-side policies. Cur- 
rently, the tool can receive and 
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AmberPoint builds charts to show how an SOA environment is linked together. 



present policies for the F5 
load balancing appliance. 
Horst said that, initially, users 
tell AmberPoint where the F5 
machine lives on the network, 
and from there, AmberPoint is 



able to build a chart describing 
the appliance's place in the 
SOA layout. The tool is also 
able to offload and upload 
policies, allowing users to 
dynamically change policies 



throughout the network. 
AmberPoint's Web-based in- 
terface allows developers to 
handle all of these changes 
without running back and 
forth to each service server. I 
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TechExcel Takes on ALM With DevSuite 



BY ALEX HANDY 

TechExcel has mustered its 
forces and integrated its three 
products into a single package. 
The company's existing applica- 
tions, DevPlan, DevTrack and 



DevTest, will now be available 
in a single US$1,000 package, 
offering a complete view of the 
development and QA process 
from a knowledge aggregation 
perspective. The suite includes 



information-sharing facilities 
that tie tests, plans, require- 
ments and bug tracking togeth- 
er into a single workflow. 

Those information-sharing 
modules, said Tieren Zhou, 



TechExcePs CEO, are at the 
heart of the company's new push 
into the application life-cycle 
management (ALM) space. He 
said that his company realized it 
could play in the ALM market 
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after the release in August of 
version 1.0 of DevPlan, its devel- 
opment process planning and 
estimation tool. Combined with 
DevTrack, the bug and issue 
tracking system, and DevTest, 
the company's test management 
and administration tool, Dev- 
Suite offers tools to help devel- 
opers from planning to project 
completion, said Zhou. 

"We realized that, with the 
planning capabilities, we can 
form a very powerful suite. 
We're making knowledge man- 
agement the core. When you are 
planning, you're creating higher- 
level documents, like require- 
ments documents, and these can 
all be saved into the knowledge- 
base," said Zhou. That, he said, 
required adding integrations to 
each product that allowed users 
to search across all three pro- 
grams for the information they 
need to get started on a project. 

That integration took the 
form of a single plug-in for all 
three applications, said Zhou. "It 
is a shared module which we call 
the Knowledge Management 
module. That stored information 
in each program becomes 
searchable. Programmers see 
the task assigned to them and 
want to see the original design 
document. In our tool, the docu- 
ment is already linked with their 
development task, so document 
knowledge becomes more easily 
available," said Zhou. 

This, combined with the pre- 
diction and estimation facilities 
of DevTest, gives managers and 
developers a single place to com- 
bine planning, issue tracking and 
testing. DevTest, which reached 
version 2.0 this fall, offers devel- 
opers a way to categorize and 
group tests, and each group is 
accompanied by an estimation of 
the time it will take to run those 
tests, said Zhou. This estimation 
extends to the entire develop- 
ment process, as man-hours are 
calculated according to the paths 
laid out by development teams 
in DevPlan. 

DevTest adds its own plan- 
ning to the mix, as it keeps track 
of tests and test results. DevTest 
tracks testing assets as they are 
checked in and out of develop- 
ment, and tabulates results from 
nightly build and testing 
processes. 

Zhou said that the entire 
DevSuite includes plug-in files 
for compatibility with source 
code repositories, like Team 
Foundation Server and Perforce. 
The suite is available today from 
TechExcePs Web site (www 
.techexcel.com). I 
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< continued from page 10 

letized or true color. It also allows for rendering of 3D images and 
includes an API for data set creation and removal . . . QEngine Issue 
Manager (QIM), a Web-based issue management software solution, has 
been released by AdventNet. QIM offers defect tracking, project man- 
agement and task management features, as well as time tracking, 
business rules and reporting features. 



UPDATES 



Worksoft has revved its Certify automated testing solution to version 
7.1. New capabilities, according to the company, include executive-lev- 
el reporting, with better visibility into the QA process; enhanced secu- 
rity for test data; automated test scheduling; and integration with 
third-party defect tracking and test tools . . . TLoad 2.3, the latest 
version of the Citrix MetaFrame load testing and performance moni- 
toring tool from Edinburgh-based ThinGenius, has been made general- 
ly available . . . Version One has announced the fall 2006 release of its 
VI agile project management software, with additional management- 
level reporting features, integration with Microsoft's Visual Studio 
development environment and new AJAX-enabled components for 
improved resource planning. 



PEOPLE 



Newmerix has appointed Dan Gannon president and CEO, to execute 
on a go-to-market strategy that will include an expansion of the com- 
pany's Automate suite of ALM software for enterprise applications 
such as PeopleSoft and SAP. The tools include change management, 
testing and project prioritization. Gannon had been SVP of worldwide 
sales for application security software provider Determina. 



Oracle 'Supports' Red Hat Linux 



< continued from page 1 

Linux. "Maybe the most serious 
problem is the lack of true 
enterprise support for the Lin- 
ux operating system." That, said 
Ellison, means catering phone 
and patch support toward cus- 
tomers who can't move their 
mission-critical systems to the 
latest and greatest revision of 
the operating system. It also 
means having the resources and 
people to answer questions 
around the clock, he added. 

Ellison stated that his com- 
pany had been pushing Linux 
for six years, and saw little 
uptake. Offering support and 
service contracts direct from 
Oracle, he said, would be the 
quickest way to expand enter- 
prise Linux use. 

Ellison may have overstated 
part of his case. For example, 
he claimed that Red Hat did 
not backport existing patches to 
older versions of its operating 
system, However, Red Hat does 
offer support for older versions 
of its Linux distribution. 

Oracle's support pricing 
starts at US$99 per computer 
per year, and runs up to $1,999 



for the largest servers. In addi- 
tion, Ellison announced intro- 
ductory discounts of half-off 
until Jan. 31, 2007, and existing 
Oracle customers can try the 
new support options free for 90 
days. Red Hat's pricing was not 
made available. 

Martin Schneider, senior 
analyst of enterprise software for 
The 451 Group, sees the Oracle 
support play as a potential path 
to acquisition. "Are there going 
to be people who say, 111 pay 
more to keep Red Hat alive?'" 
asked Schneider. "Sure. But if 
you take Mr. Ellison at face val- 
ue and say, This is more about 
Linux for the rest of the world,' 
that's a positive. Does Red Hat 
become so dependent on the 
Oracle support business that 
they're a better target for 
takeover? Potentially." 

When asked whether Oracle 
had made an attempt to acquire 
Red Hat, Oracle chief corpo- 
rate architect Edward Screven 
said, "No comment." 

Red Hat did not comment on 
the announcement but did issue 
a statement. "The opportunity 
for open source just got bigger. 



Oracle's announcement further 
validates open source and Red 
Hat's technical leadership. We 
will continue to optimize Red 
Hat Enterprise Linux for Oracle 
and compete on value and 
innovation," read the official 
response. 

Immediately following the 
closure of Ellison's keynote, 
however, Red Hat stock was 
sinking as much as 10 percent in 
after-hours trading. 

But there could be other 
casualties from Oracle's support 
offerings, said 451 Group's 
Schneider. Companies like 
Spike Source that offer support- 
ed Linux application stacks 
could see their customers flock 
to the Oracle support offerings. 

Schneider added that the 
difficulty of aggregating and 
distributing updates for various 
stack pieces is vastly decreased 
with a company the size of Ora- 
cle offering automatic patch 
installation for the operating 
system. Schneider said that it's a 
matter of time before those 
updates move up the stack and 
shove third-party stack compa- 
nies out of the playing field. I 
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Sybase Subsidiary Updates Mobile Portfolio 

Information Anywhere Suite rounded out with releases of Afaria 5.5 and OneBridge 5.5 



BY P.J. CONNOLLY 

iAnywhere, a subsidiary of 
Sybase, used last month's 
Mobile Business Expo in 
Chicago to unveil the latest 
update of its Information Any- 
where Suite. The release of 
new versions of the Afaria 
management and security 
package and the OneBridge 
messaging platform rounds out 
the first phase of the compa- 
ny's portfolio for mobile 
devices, ranging from PCs to 
smart phones. 

"A big focus of the Afaria 5.5 
and the OneBridge 5.5 prod- 
ucts is around interoperability 
between these two product 
lines. . .making all of those tech- 
nologies operate seamlessly 
together," said iAnywhere prod- 
uct management director Shari 
Freeman. 

Afaria 5.5, with OneBridge 
and Microsoft Exchange Serv- 
er, enables end-to-end security 
of e-mail and other data, 
including cryptographic mod- 
ules validated to the U.S. gov- 
ernment's FIPS (Federal 
Information Processing Stan- 
dard) 140-2 requirements. 
"We can keep the e-mail 



secure, and not interrupt the 
flow of new e-mail to the 
device," said Freeman. 

The Afaria security manager 
now offers customized pass- 
word entry screens for mobile 
devices, improvements to the 
look and feel of the user inter- 
face and full-disk encryption 
technology for Windows 
devices managed by Afaria. 

The new release also fea- 
tures improvements in wireless 
provisioning: "Now with 5.5, 
directly from the administrative 
console, an administrator can 
type in the phone number of a 
new device, and Afaria will 
send out an SMS message to 
that device. Users [can] click on 
that message, and Afaria gets 
downloaded and installed," 
Freeman noted. 

Afaria 5.5 also adds the abil- 
ity to remotely control and 
manage Windows Mobile 
devices. This can reduce sup- 
port costs by allowing users to 
keep devices in the field instead 
of continually sending them 
back to the home office for one 
issue or another. 

OneBridge 5.5 works with 
more than 130 mobile devices, 
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Sybase's iAnywhere's Afaria 5.5 
enables end-to-end security of 
data, and allows e-mail pushing to 
encrypted and locked devices. 



and now those running the 
Symbian 9 OS, including 
Nokia's E and N series, and 
Sony Ericsson's m600 and P990 
phones as well. 

Developers can take ad- 
vantage of new features in 
OneBridge that leverage the 
Windows Mobile smart phone 
platform and allow One- 
Bridge components such as 



communication, data synchro- 
nization and remote object 
access to be embedded into 
applications. They now can 
also use the OneBridge 
Mobile Data Suite to access 
servers running Sybase SQL 
Anywhere through Windows 
Mobile, as well as Windows. 

From a user's perspective, 
OneBridge 5.5 adds the ability 



to perform lookups in a corpo- 
rate directory, without down- 
loading the entire address book. 
The new version also allows the 
user to define when mail and 
other data get pushed to the 
device, and includes an 
enhanced interface that allows 
users to subscribe to subfolders 
that they wish to replicate to 
the device. I 



Microsoft Gives Full Access to Win CE Kernel 

Update includes Visual Studio Professional Platform Builder 



BY P.J. CONNOLLY 

Earlier this month, Microsoft 
announced the availability of 
Windows Embedded CE 6.0, 
the company's platform for real- 
time operating systems, as a 
sort of 10th anniversary present 
to the Windows Embedded 
community. 

The new release of CE 
marks a milestone in Micro- 
soft's commitment to the com- 
pany's shared source initiative. 
For the first time, 100 percent 
of the kernel will be available to 
device makers for full source 
code access, allowing modifica- 
tion and redistribution without 
any compulsion to share the 
final designs. This amounts to 
an increase of 1.4 million lines 
of shared code over the 2.5 mil- 
lion lines of CE 5.0 code that 
were available. 

Another first for CE 6.0 is 
the inclusion of Visual Studio 
2005 Professional, including 



the embedded-specific Plat- 
form Builder for CE plug-in, 
giving developers a single tool 
for end-to-end development of 
embedded applications. Plat- 
form Builder is updated in this 
release with runtime licensing 



I'M- 




analysis, a new ARM device 
emulator, improved compilers 
and editors, and post-mortem 
debugging features. 

The CE kernel was 
reworked in this release with an 
eye to future-proofing: The 
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The Windows Embedded CE 6.0 architecture allows developers to run in 
kernel mode for performance or user mode for stability. 



new release supports 32,000 
simultaneous processes and 
2GB of virtual memory address 
space without compromising 
the real-time capabilities of the 
operating system, allowing 
developers to incorporate in- 
creasingly complex applications 
into devices without concern 
for device headroom. The new 
release adds a filesystem de- 
signed to support new storage 
media, larger file sizes and 
encryption of removable media 
for security. 

CE 6.0 allows developers to 
create digital video recorders, 
IP-enabled set-top boxes such as 
those used by Microsoft TV, and 
networked media devices with 
multimedia capabilities using 
the DVR and Windows Media 
Connect components. The 
forthcoming Zune music player 
uses CE by design. Jason Stolar- 
czyk, marketing manager for the 
Windows Embedded Devices 



division, argued, "Why reinvent 
the wheel when you've got the 
best thing under your roof?" 

The new release is also aimed 
at the makers of media devices 
for business, and includes the 
Windows Network Projector 
component designed to facilitate 
the building of projectors that 
support Windows Vista clients 
over wireless connections. 

But what may be the most 
dramatic addition to the CE 
toolkit in version 6 is the debut 
of a so-called "Cellcore" stack 
supporting cell voice and data, 
targeted at devices such as 
parking meters and vending 
machines that would access the 
"mobile" telephone network 
for machine-to-machine con- 
nections, whether for inventory 
management or transactional 
use. 

Device makers including 
Advantech, Commodore Inter- 
national, General Software, 
Intelligent Instruments, Micros 
Systems, Unitech and Wyse 
Technology are expected to 
bring products utilizing the 
new technology to market this 
quarter. I 
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Developers moving into VS 2005 say fnundation 
for collaboration is poured, but features still ... 
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BY P.J. CONNOLLY 



Microsoft's Visual Studio develop- 
ment platform has been a corner- 
stone of the company's develop- 
ment strategy for years. Essentially, if 
one intends to develop for .NET, the 
Visual Studio IDE is the only reasonable 
choice of tool. Although the community 
seems to be satisfied with the core of the 
ecosystem — the core IDE, languages 
and so forth — some discontent with the 
way Microsoft has handled the chal- 



lenges of a rapidly shifting landscape lies 
just below the surface. 

With Windows Vista due to land in 
the hands of business customers at any 
moment and general availability due at 
the end of January, there's a growing 
sense that Microsoft may unintentional- 
ly be offering its customers an excuse to 
avoid the new operating system. The 
disconnected release of the APIs in 
Vista, and the tools to fully exploit 
them — not due until the release some- 



time next year, maybe, of Visual Studio 
"Orcas" — provides another reason for 
businesses to do so, beyond Vista's hard- 
ware demands. 

But perhaps of most concern to enter- 
prise developers is a sense that the key 
collaboration tools Microsoft offers to 
developers — the Visual Studio Team 
Foundation Server and the associated 
role-based packages aimed at architects, 
testers and, soon, database profession- 
als — are a long way from being complete. 



A CUSTOMER LOOKS AT TFS 

In conversations with members of 
the Visual Studio community, there 
appeared to be a great deal of agree- 
ment that Visual Studio's Team Founda- 
tion Server (TFS) has a way to go before 
it's as mature as the rest of Visual Studio. 
Although several people echoed these 
sentiments during interviews, one was 
particularly eloquent on the pros as well 
as the cons of TFS. 

continued on page 34 ► 
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Chris Kinsman, founder of 
custom development organiza- 
tion Vergent Software, de- 
scribed the experiences of his 
developers as being typical of "a 



1.0 release, with all that implies 
and intends." Vergent 's devel- 
opment teams started using 
TFS because source code con- 
trol was an issue for them and 
the mix of CVS and VSS (Visual 



Source Safe) wasn't getting the 
job done. 

"From the source control 
standpoint, they're happy, com- 
pared to where they were using 
WinCVS or VSS," Kinsman not- 



ed. "The features that are in 
TFS... are pretty darn solid; 
they haven't run into too many 
issues with them, doing... the 
typical things you might want to 
do with a high-end package." 
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Once you begin to go outside 
the core, however, the story 
changes, he chuckled. 

"Typically, the next thing 
they want to look at [is] the 
team build tool," Kinsman con- 
tinued. "They hop on the build 
bandwagon, and the problem 
that they find... is that it is a 
very lightweight one-way wiz- 
ard that, unless you have the 
simplest build in the world, is 
not going to fulfill your needs." 
Even then, he pointed out, 
instead of a usable front end, 
his coders find themselves "get- 
ting down and mucking around 
in XML." 

Even worse, he noted, is 
"the lack of continuous integra- 
tion. [There's] not even a way to 
schedule a build; you have to go 
out and use Schedule Tasks in 
the operating system." 

TROUBLE AT CHECK-IN 

Check-in policies are another 
area in which Kinsman and his 
developers see TFS as being 
not quite there yet. Developers 
"really like the idea of check-in 
policies in the source control 
system. The problem is the 
way you develop check-in poli- 
cies forces to you to figure out 
how you're going to deploy 
the check-in policies, because 
they're actually client-side 
source code that lives on the 
desktop, that are not deployed 
by TFS." 

Kinsman believes the con- 
cept of work items, such as 
defects and features, is a good 
one, but the execution in TFS 
falls short. "The story behind 
work items is fairly strong; it 
makes sense. I couldn't count 
the number of tools we had for 
tracking defects, features and 
everything else, that had been 
built internally over the last 20 
years." 

Kinsman likes the idea of 
using a centralized repository 
for work item storage, but what 
happens when his developers 
need to edit or change the 
behavior of the work items is 
ugly. "If you want to edit one, 
you get a big giant XML file 
and you start typing," he said. 
Developers have no front end 
for work items and are forced to 
"tweak some XML, put it back 
in there, see what it looks like, 
take it back out" — hardly an 
easy or efficient process. 

At Vergent, the next prob- 
continued on page 36 ► 
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Micrtsoft Unwraps Adas, WinFX and Cypress 



BY P.J. CONNOLLY 

With Visual Studio "Orcas" still 
far over the horizon, Microsoft 
planned to throw its developer 
community some bones at last 
week's VS Connections confer- 
ence in Las Vegas by unveiling 
long-awaited tools and tech- 
nologies designed to propel the 
next generation of Windows 
application development. All of 
the tools are either available 
now, or should be released by 
years end. 

Microsoft was to announce 
at the show that the Visual Stu- 
dio 2005 Tools for the 2007 
Microsoft Office System (for- 
merly Cypress and also known 
as Visual Studio 2005 Tools for 
Office Second Edition, or 
VSTO) had been released to 
manufacturing. 

The new add-in tools for 
Visual Studio add support for 
PowerPoint and Visio, joining 
Excel, InfoPath, Outlook and 
Word. According to VSTO 
product manager Mike Her- 
nandez, the goal of the new 
Visual Studio tools is to bridge 
the gap between Office and 
Visual Studio, to bring Office 
developers into the profession- 
al-grade environment. 

Forrester Research vice 
president and research director 
Mike Gilpin sees the new VSTO 
tools as finally fulfilling the 
promise of the old Office SDK. 
"Those core technologies that 
enable Office to be used as a 
front end to services that are 
delivered within a service-ori- 
ented architecture [are] a really 
powerful concept. It won't be 
the right client technology for 
everybody; you really need to be 
somebody who lives in Office." 

Microsoft was expected to 
announce at VSConnections 
that ASP.NET AJAX (formerly 
Atlas) had reached the release 
candidate stage, after spending 
much of the summer chugging 
through various Community 
Technology Previews before a 
beta was released Oct. 20. 

The blog of ASP.NET AJAX 
project manager Scott Guthrie 
noted, "We believe the [cur- 
rent] API definitions . . . are now 
pretty close to being final." For- 
rester's Gilpin agreed: "We've 
been saying to folks. . .that Atlas 
is something you can seriously 
consider using today, even 
though it's not in its final pro- 
duction version." 

Finally, VSConnections 



served as a coming-out party of (ex-Indigo), Windows Presenta- 



sorts for .NET Framework 3.0 
(formerly WinFX), the umbrel- 
la name for Windows Card- 
Space (ex-InfoCard), Windows 
Communication Foundation 



tion Foundation (ex-Avalon) 
and the Windows Workflow 
Foundation. 

SD Times learned before 
the show that the business 



release of Windows Vista, due 
for November, would also mark 
the release of the downloadable 
.NET 3.0 add-ins for Windows 
Server 2003 and Windows XP 
In both cases, service packs will 



be required; on the server side, 
Service Pack 1, and for XP, Ser- 
vice Pack 2. Because the new 
version uses the same base class 
library and Common Language 
Runtime as .NET Framework 
2.0, existing .NET applications 
will require testing only if they 
were designed using the 1.x 
releases. I 
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Command-line client 

The command-line client in Teamprise is 
perfect for scripting and non-GUI scenarios. 



Plug-in for Eclipse 

The Teamprise plug-in for Eclipse allows a developer to 
perform source control and work item tracking operations from 
within the Eclipse IDE. This plug-in is also compatible with IBM's 
WebSphere Studio and Rational Application Developer IDE. 

Explorer client 

Teamprise includes a stand-alone client application which 
features an Explorer-style user interface for developers not 
working within an IDE. 
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lem surfaces when trying to 
accommodate the work items 
that come from the field. Kins- 
man explained that "defects 
that a customer reported typi- 



come in through other 
in our case, People- 



cally 
systems- 
Soft. As problems need to be 
escalated... into what develop- 
ers use, there's really no con- 
duit." The upside for him is 



that TFS has what he called a 
great API, which his crew is 
using to build its own People- 
Soft connector. 

Kinsman's final issue with 
TFS is scalability. At the team 



level, TFS "works great," he 
said. "But if I want to look at my 
project portfolio across the 
company, it completely falls 
apart." The problem, he argued, 
is that no way exists to quickly 
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roll up data across the entire 
development organization, or to 
provide an enterprisewide view 
of developer activity. 

HOW SCALABLE? 

Forrester Research vice presi- 
dent and research director 
Mike Gilpin agreed that TFS 
has some growing ahead of it. 
Nevertheless, he sees it as valu- 
able in light of new concerns for 
software development man- 
agers. "One of the opportuni- 
ties that now unfolds before 
Microsoft is in taking the core 
technologies for Team Founda- 
tion Server and using that to 
enable some of the other kinds 
of capabilities that you would 
expect repository technology to 
enable, such as governance of 
the life cycle in general, and 
SOA policies in particular." 

But he noted that there's a 
tug of war within Microsoft over 
how scalable TFS really needs to 
be. "Our own data shows that 
big projects are not the factor 
they once were," Gilpin noted. 
"The typical project size today is 
fewer than six developers work- 
ing for fewer than six months to 
deliver. Cycle times are moving 
down even more when you look 
at the Web 2.0 context, where 
people may update capabilities 
on their site once a week, or 
even multiple times per day at 
the bleeding edge." 

Gilpin continued, "As those 
cycle times shrink, the concern 
that developers have in that 
small-team rapid-cycle-time sit- 
uation are less about those big 
enterprise concerns like SOA 
governance, and more around: 
'How can I turn the crank faster 
than I'm turning it today?' " 

ORCAS STILL UNDERWATER 

But the other elephant in the 
room is Windows Vista and the 
lack of production-grade tool- 
ing for the flagship operating 
system. Tim Huckaby, CEO 
of enterprise application devel- 
oper Interknowlogy, noted, 
"That's the big problem. The 
Windows guys create some- 
thing awesome in the plumb- 
ing, and then the tool's got to 
catch up to make it easy to 
implement." 

Huckaby believes that, for 
now, development in the Win- 
dows Presentation Framework 
(WPF, formerly Avalon) re- 
quires "some slinging of some 
code and some good developers 
to get that thing to sing, only 
because currently WPF is not 
shipping, and inherently, the 
continued on page 37 ► 
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VS Foundation Still Under Construction 



< continued from page 36 

tool's not ready yet." 

Huckaby and his developers 
are looking to the next release of 
Visual Studio — rumored for 
next year and code-named 
Orcas — to make up for the cur- 
rent shortcomings. "The bold 
promise of Orcas is to make 
WPF easy, just as easy as it is for 
WinForms, and [make] things 
like drag-and-drop 3D realistic." 

Huckaby believes Microsoft 
has a solid foundation in the cur- 
rent release. "Whidbey [Visual 
Studio 2005] is awesome; it's a 
fantastic tool." But, he conced- 
ed, "we're eons away from an 
Orcas build that we can use." 

UPHILL VISTA BATTLE 

Forrester's Gilpin agreed that 
developers looking to exploit 
Vista face an uphill battle. "It 
would be much better if the 
tooling to take advantage of 
those new capabilities was GA 
within a short period of time 
following the availability of 
Vista. The fact that it's not, the 
fact that you have to use bits of 
add-on technology that you pull 
off of MSDN, and those are 
pre-release bits... adds to the 
complexity of the process of 
establishing a development 
environment and creates ongo- 
ing headaches for people who 
are trying to develop for Vista." 

Gilpin pointed out, "For any 
particular project, the need to 
target Vista may not involve that 
significant an embrace of the 
new features and functions." 
However, and "especially if 
you're an ISV, and you're look- 
ing to build packages that 
exploit some of the rich graphics 
capabilities of WPF or things of 
that nature, you're really wish- 
ing that you had a lot more in 
the way of tooling today." 

Gilpin noted that many 
developers won't care as much 
about the interface as they will 
about Vista's new communica- 
tions framework. "It might be 
nice to have more tooling for 
automating the usage of some of 
the new capabilities in WCF, but 
you can get by just calling those 
APIs in your application as 
they're currently provided, and 
it's not really that big of a deal." 

But it's not just the advance 
of software paradigms that may 
cause headaches for Microsoft. 
Industry pundit and SD Times 
columnist Larry O'Brien point- 
ed out that the explosion of 



multicore CPU designs creates 
a new challenge for developers 
that today's languages simply 
aren't prepared to meet. 

So where does Microsoft go 
from here with Visual Studio? 



The most obvious answer is: 
Get cracking on Orcas to 
resolve the Vista tooling issue. 
The more difficult problem is 
how to address the collabora- 
tion needs of developers with 



Team Foundation Server. 

Vergent's Kinsman and his 
developers seem to be the tip of 
an iceberg, in calling for more 
scalability. But if Gilpin's analy- 
sis is correct, Microsoft has to 



figure out a way to package TFS 
and the associated role-based 
packages in a way that makes 
sense for smaller shops with a 
handful of developers, as well 
as the big ones. I 



Introducing the First True Controls for "ATLAS" 

A New Breed of Components Built Specifically for the Most Advanced AJAX Framework Available. 
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The release of Microsoft's AJAX Library and ASP.NET 2.0 AJAX Extensions (formerly 'Atlas') heralds a 
new era of richer, more interactive web applications, and ComponentArt Web. U I 2006.2 for 'Atlas' brings 
developers the first controls designed to fully utilize this new framework. Deeply integrated into 'Atlas', 
Web.UI version 2006.2 offers the greatest degree of client-side programmatic control in the industry. 

Experience the New Breed of 'Atlas' Controls Today at atlas.componentart.com 
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FROM THE EDITORS 

17 Million. Amazing! 

Seventeen million software developers by 2009. That's an amazing 
number of people working on software. In raw terms, that's more 
than the populations of Sweden, Chad, Austria, Tunisia and many other 
countries. That's about the same as the population of Florida, or New 
Jersey and North Carolina put together. 

According to a report from Evans Data, a research firm, while all regions 
of the globe will be adding programmers, the fastest growth will be in the 
Asia-Pacific region. That'll shift the weight of software developers away 
from its traditional base in North America and Europe/Middle East/Africa. 

Granted, many of these software developers in APAC will be doing 
lower- visibility work, such as testing or maintenance. The bulk of devel- 
opers doing core programming, according to Evans, will stay in North 
America and EMEA. But rest assured that millions of knowledge work- 
ers in APAC will be advancing the state of the art of development by 
designing the next class of application, and creating the next frameworks 
to build applications in. 

That's exciting. Software drives so many things that we do each day — 
literally, with systems in automobiles, airplanes, communications devices, 
set-top boxes and who knows what next. We've seen prototypes of kitchen 
refrigerators that can call out to a PeaPod-type grocery delivery service 
when the milk is low. Somewhere, the next jaw-dropping invention is 
already in the works. That new innovation might come from California, 
Israel or Ireland. Or it might come from India, China, Russia or Egypt. 

We have seen the way software has changed our lives in so many ways. 
With 17 million developers working to improve our quality of living, 
explore our seas and space and bring us all closer together in a global 
neighborhood, the future can only be even more amazing. 

Oracle Gets Its Linux 

When Larry Ellison stood on stage at his Oracle OpenWorld confer- 
ence and declared that his company would begin offering service 
and support contracts for Red Hat Linux that were similar to those 
offered for its database products, many in the audience snickered. On 
the surface, Ellison was simply acting out of spite over what has been 
reported as a failed takeover bid for the Linux vendor. 

But looking deeper, the move appears to have been born out of frustra- 
tions of a different kind. Ellison was swift to point out that his company has 
been pushing Linux for six years now, and that it has had little success in 
pushing the open-source operating system into enterprise environments. 

Rather, Microsoft and Sun have remained the biggest operating sys- 
tem players in Oracle's core market, the large enterprise, with the former 
still holding its massive lead in operating system mindshare. With doors 
remaining shut to Linux, it was only a matter of time before companies 
advocating the penguin-festooned operating system had to improvise. 
And, in true Oracle fashion, Ellison and his crew created a new product 
offering that was both totally brazen and entirely unexpected. 

Oracle Linux may have been unexpected, but it was understandable. 
While there are those that worry about Oracle eating Red Hat's lunch 
and forking the world's most popular enterprise Linux distribution, the 
real trend here is a move down the stack for Oracle. 

Oracle has long chased after Microsoft's gravy trains, and envied that 
competitors like IBM offered their own operating systems. With the new 
support offerings, it seems that Oracle has actually incorporated a 
Microsoft business strategy, albeit in reverse. Microsoft doesn't offer pro- 
fessional support services for the vast majority of its customers. Instead, 
third-party companies and consultants take that job. Here, Oracle is 
playing third-party consultant to Red Hat Linux — and going a step fur- 
ther, by removing Red Hat's trademarks and rebranding the product. 

Whether or not this hurts Red Hat is irrelevant, in the big picture. 
Rather, this is another step in Oracle's long war against its top competi- 
tors, like IBM, Microsoft and SAP, over enterprise software. I 



The Rise of Cross-Site Scripting 



Word is that next year Toyota will 
sell more vehicles than General 
Motors. This really shouldn't come as 
too much of a surprise; Toyota has 
been turning a larger profit than GM 
for quite a while now. Still, it will 
be the first time in 80 years that GM 
hasn't been on top. The world is not 
what it once was. 

It turns out that some- 
thing very similar has hap- 
pened with software vulnera- 
bilities. 

Since the dawn of the 
Internet, the buffer overflow 
has been king. The Morris 
worm (the first worm seen on 
the Internet) exploited a 
buffer overflow in sendmail as 
one of its methods of propa- 
gation, and buffer overflows 
have dominated the vulnerability land- 
scape ever since. 

Well, until 2005 anyway. Steve 
Christey, one of the maintainers of the 
CVE database (cve.mitre.org), reports 
that in 2005, the most-reported vulnera- 
bility was cross-site scripting. Not only 
that, but buffer overflow wasn't even in 
second place. The lineup in 2005 looked 
like this: 

1. Cross- Site Scripting (16.0 percent) 

2. SQL Injection (12.9 percent) 

3. Buffer Overflow (9.8 percent) 




2006 is shaping up to be even worse 
for the venerable buffer overflow; it's on 
track to fall out of the top three: 

1. Cross-Site Scripting (21.5 percent) 

2. SQL Injection (14.0 percent) 

3. PHP remote includes (9.5 percent) 
Why such a dramatic change in soft- 
ware vulnerabilities? There are four 
things going oi 

First, Web vulnerabilities 
are easy to find. Firewalls 
and intrusion detection sys- 
tems don't usually look at 
Web traffic, and most Web 
sites are quite content to 
allow you to poke at them 
until you've found the vul- 
nerability you want. Attack- 
ers use tools to automatically 
scan sites for vulnerabilities. 
Second, Web vulnerabili- 
ties are easier to exploit. In most cases, 
it's a lot easier to develop a working 
exploit for a Web vulnerability than it is 
to write some robust shell code to 
exploit a buffer overflow 

Third, there are valuable things on the 
Web. Every day there are more sites, 
more services, more transactions and 
more traffic on the Web. You could find 
plenty of cross-site scripting vulnerabili- 
ties in 1998 too, but there wasn't so much 
to gain by exploiting them. There weren't 
enough sites holding valuable data, and 
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A TOUR OF THE VULNERABILITIES 



Unfamiliar with some of the vulnerabilities I mentioned? Here 
are some brief definitions complete with code samples. 

Name: Buffer Overflow 

Cause: An unchecked boundary condition allows an attacker to 

write data outside the bounds of allocated memory. 

Effect: An attacker may be able to insert new instructions into 

the program and have the program execute those instructions. 

This allows the attacker to take control of the target program. 

Vulnerable code sample (written in C): 

char buf [128] ; 

gets (buf) ; 

Name: Cross-Site Scripting 

Cause: The application writes unvalidated output in an HTTP 
response. 

Effect: An attacker is able to write data to the victim's brows- 
er. The attacker may exploit a known browser vulnerability, or 
use JavaScript to run a phishing scam. More advanced attacks 
against a victim's intranet are possible. 
Vulnerable code sample (written in Java): 

String name = request . getParameter ("name" ) ; 

response. getWr i ter () . print In (name) ; 



Name: PHP remote 

Cause: The program uses a reguest parameter to specify the 

name of a source file. 

Effect: An attacker can provide a URL where the program 

expects a file name. The result is that code will be loaded from 

the URL and executed. 

Vulnerable code sample: 

<?php if($body) { include ($body.php) ; } ?> 

Name: SQL Injection 

Cause: The program uses unchecked user input to assemble a 
SQL guery. 

Effect: By including SQL meta-characters as part of the input, 
an attacker can alter the meaning of the guery or add addi- 
tional SQL statements to the database reguest. This allows the 
attacker to view unauthorized data or modify the database. 
Vulnerable code sample (Written in C#): 

sql = "SELECT * FROM items " + 

"WHERE item = "' + ItemName.Text + " ' " ; 

sda = new SqlDataAdapter (sql, conn); 

sda.Fill (myDataTable) ; 

—Brian Chess 



there weren't enough visitors to make real 
money exploiting Web vulnerabilities. 

Finally, it takes time and concerted 
effort to write Web applications that 
don't contain vulnerabilities. PHP 
makes it easy to accidentally allow 
cross-site scripting, SQL injection or 
remote attacks. Languages such as Java 
and C# make buffer overflow a vanish- 
ing possibility, and they even provide all 
the tools you need to avoid SQL injec- 



tion, but they still make cross-site 
scripting hard to avoid. 

To make matters worse, we still 
haven't made progress toward elimi- 
nating buffer overflows. Christey's data 
shows that the number of buffer over- 
flow reports is holding steady at 
between 250 and 450 per year. Web 
vulnerabilities, on the other hand, have 
skyrocketed beginning in 2003. (In 
total, there were three times as many 



vulnerabilities reported in 2005 as 
there were in 2001.) 

If there's one lesson to be taken away 
from this data, it's this: You can no 
longer write a Web application without 
thinking about security. Programmers 
need to understand that their code isn't 
complete until it's secure. I 

Brian Chess is chief scientist at Fortify 
Software. 
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AS DETAILS around the Open Uni- 
fied Process and the Essential Unified 
Process emerge, agile development 
approaches are becoming — well — more 
agile. 

It's not that OpenUP, part of the 
IBM-led Eclipse Process Framework 
project, or EssUP, the brainchild of 
Unified Modeling Language co-inventor 
Ivar Jacobson, are 
likely to prove in- I 
herently superior 
to Adaptive, Crys- i 
tal, Extreme Pro- 
gramming, Scrum I 
and other agile 
methodologies. It's 
that both works-in- -^ 

progress recognize 
the reality: Devel- 
opment managers l 
don't adopt agile JACOBSON 

processes wholesale. Instead, they 
devise their own, borrowing, for exam- 
ple, a lot from XP, and a little from 
Scrum. 

The thinking behind OpenUP and 
EssUP reflects that reality. OpenUP, by 
definition, derives pieces from differ- 
ent methodologies and ties them 
together. EssUP is also adaptable, 
allowing managers to replace its own 



j 



approach to use cases, for example, 
with XP's user stories. 

That flexibility can only help drive 
up adoption of agile software develop- 
ment processes, which, according to a 
November 2005 Forrester Research 
report, are in use at only 14 percent 
of North American and European 
enterprises. 

-Jennifer dejong 

IT'S BEEN FIVE YEARS since IBM 
launched Eclipse as an open-source 
project. The technology had been incu- 
bating inside Big Blue since the late 
1990s as a next-generation Java IDE, 
but IBM's announcement that it was 
open-sourcing Eclipse, on Nov. 7, 2001, 
set the platform on the path to great- 
ness. Today, Eclipse is second only to 
Microsoft's Visual Studio in adoption, 
and has surpassed Sun's NetBeans and 
Borland's JBuilder in the Java space. 
IBM's commitment to Eclipse was fur- 
ther demonstrated by its willingness to 
divest itself of its intellectual property 
and form the independent Eclipse 
Foundation in February 2004. But the 
unprecedented move toward open 
source was the kicker that launched 
Eclipse into orbit. 

-Alan Zeichick 



EARLIER THIS MONTH, I attempted 
to open a Roth IRA through an invest- 
ment firm's Web 
site. The whole 



affair disintegrated 
when I discovered I 




their site was full of 
small bugs that 
made submitting 
my information a 
terrible chore. Un- 
fortunately, said ROTH 
company could not open an IRA for me 
without using this Web site. When 
designing your newfangled SOA-based 
Web 2.0 system, remember, there will 
likely be people in your customer base 
who would still prefer to talk to a human 
and walk through the process step by 
step over the phone. It's just the way 
some of us are wired. Unless your site is 
absolutely perfect and devoid of all bugs, 
you should always have a back-up 
entrance into your company's products. 
Without that, you'll lose customers like 
me who get frustrated when they have to 
enter their address into the same Web 
form six times in one hour. 

-Alex Handy 

CORRECTION 

Quest's Toad for DB2 does not support 
connections to AS/400 installations, as 
was reported in error in an article in the 
Oct. 15 issue. 
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Compiler Texts Don't Keep Pace 



Allen Holub's column "Just Say No to 
XML" (Sept. 1, page 41) caused 
quite a stir on the SD Times mailing list. 
Was Allen hinting at an update to his 
excellent book, "Compiler Design in C"? 
An exciting prospect, given Allen's evo- 
lution into one of the premier teachers 
of object-oriented design. There is a cry- 
ing need for a book on language design 
and compiler implementation using 
modern programming techniques. 

The economics of writing a program- 
ming book, though, are grim: Half or 
three-quarters of a year of effort are rea- 
sonable estimates of what's necessary to 
write a quality text on a complex subject, 
and estimated sales in the single-digit 
thousands are realistic. Sadly, Allen has 
not blinded himself to the facts, and 
absent a deluge of encouragement from 
potential buyers (hint, hint), a revision 
doesn't seem forthcoming. So I took the 
opportunity to take a look at some other 
resources for the programmer interested 
in language design and implementation. 

First, I'm afraid I have to reiterate 
the gap between books and practicality. 
I took a look at the just-released revi- 
sion of "Compilers: Principles, Tech- 
niques, and Tools" (aka The Dragon 
Book), by Alfred V. Aho, Ravi Sethi and 
Jeffrey D. Ullman, and unfortunately it 



reads like a textbook in support of an 
outdated curriculum. 

The "techniques and tools" exclusively 
speak to a world of chip-level code gen- 
eration and the use of lex and yacc. Even 
there, a code sample that returns a point- 
er is defined as returning an integer — an 
anachronism in C, never mind C+ + . 

As far as principles go, the 
coverage of the chosen princi- 
ples is thorough, but there is a 
frustrating lack of coverage of 
modern issues. Certainly any- 
one picking up a book on com- 
pilers written in 2006 would I 
expect to find a discussion of I 
dynamic languages, "duck typ- 
ing" and code generation for 
virtual machines. What about 
Parsing Expression Grammars 
and Packrat parsing, which seem to be 
exploding the accepted wisdom that 
recursive-descent approaches are limit- 
ed? On all these subjects, the Dragon 
Book is silent. 

If you're writing a compiler, you'll 
likely want some textbook-like refer- 
ence, though, and The Dragon Book is 
a touchstone for most people in the 
field. However, ultimately, I prefer 
"Modern Compiler Design," by Dick 
Grune, Henry E. Bal, Ceriel J.H. 
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Jacobs and Koen G. Langendoen, 
which may not have quite the same 
depth, but has a slightly broader scope 
(although it, too, predates most of the 
above-mentioned "hot" topics). 

Grune et al. cover some aspects of lan- 
guage design, but if you get serious, you 
should definitely put Michael L. Scott's 
"Programming Language 
Pragmatics" in your cart as 
well (if you stick with The 
Dragon Book, it's even easier 
to recommend Scott as an 
adjunct). Since I am mostly 
concerned with the CLR, I 
would cover my bases by 
I pairing Grune with Serge 
Lidin's well-written "Expert 
.NET 2.0 IL Assembler." 
Like most people who 
flirt with implementing languages, I 
generally use a tool to generate the pars- 
er. I prefer ANTLR, which can generate 
sophisticated parsers in a number of lan- 
guages, including C#, Java and Ruby. 

Microsoft's Software Factories initia- 
tive is in the process of developing tools 
for the creation of domain-specific lan- 
guages. It was natural for me to take a 
look at these, which I hadn't looked at in 
a year or so. I have to admit that I came 
away more confused than enlightened. I 
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can't say for certain what the problem 
is — perhaps I carry too many assump- 
tions from my more traditional back- 
ground in language issues, perhaps 
Microsoft hasn't made the push for tuto- 
rial documentation, or perhaps I'm just 
missing a crucial concept. Whatever it is, 
Microsoft's current CTP did not stay on 
my hard drive long. 

I heartily agree with Allen Holub's 
assertion in his prior column that pars- 
ing techniques should be part of the 
professional developer's arsenal. Sadly, 
though, I think that knowledge of these 
techniques is considerably rarer today 
than it has been in the past. Doubly 
saddening is my conclusion that 
resources for learning these techniques 
haven't kept pace with developments — 
packrat parsing, virtual machines, 
shared source examples such as Iron- 
Python — that should make this the 
golden age of little languages. 

If there's a bright spot, perhaps 
it's that the field is so wide open that 
anyone with a sincere interest in devel- 
oping a language is likely to be wel- 
comed into the community. And, per- 
haps, they'll be so caught up in their 
own project that they'll write the 
much-needed modern book on compil- 
er construction. I 

Larry O'Brien is a technology consul- 
tant, analyst and writer Read his hlog at 
www. knowing, net. 
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Realization of Visualization 



In my last column, I discussed how new 
uses of virtualization are providing 
developers and testers with innovative 
solutions that go beyond the traditional 
use case of verifying code portability In 
this installment, I want to show addi- 
tional applications of virtualization that 
are secondarily related to development. 
They illustrate how effectively the tech- 
nology can be leveraged, given a little 
creative thinking. 

Training. Any developer who has 
been to a class with a hands-on lab has 
known the frustration of wasting time 
installing and configuring tools and soft- 
ware. Trainers, too, are driven mad by this 
problem. Virtualization is tailor-made for 
this problem, and it provides two alterna- 
tive approaches. The first is to give every- 
one a DVD with virtualization software 
and a VM system image. Have students 
install the former and then load the latter. 
Fifteen minutes later, every student is 
looking at the same software screen and is 
ready to begin working. This scenario, 
however, can be improved. Surgient, a 
company in Austin, Texas, with several 
virtualization packages, provides software 
to host those VMs on corporate systems. 
A trainer sets up one VM, then loads up, 
lets say, 15 images onto a server before a 
class. The students then dial into the VMs 



using remote desktop protocol (RDP) or 
VNC (a free desktop-sharing protocol 
from RealVNC atwww.realvnc.com). For 
this, students need only network connec- 
tivity and they don't have to load any soft- 
ware to start tackling the lab work. An 
additional benefit is that, at the end of 
class, the students can pick up the image 
of their VM, so that all their 
work is available to them and 
they can continue working 
where they left off. 

Demos. Last week, I was 
on-site at a vendor of enter- 
prise software who was show- 
ing me the latest in ESB tools. 
During the demo, the engineer 
suddenly encountered a prob- 
lem that brought the whole 
show to a stop for 15 minutes. 
After a lot of embarrassed scrambling, she 
discovered that the previous user of the 
demo example had left the software in an 
unexpected state. Such problems happen 
all the time. If you've been to trade shows 
and conferences, you surely have had the 
experience as well. For such demos, virtu- 
alization saves the day. You set up and 
configure the demo in a VM, verify it and 
then carefully store the VM image in a 
library. Now, anytime you want to trot out 
the demo, you make a copy of that library 
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image. This step assures you that your 
demo system is always in a known clean 
state and that it works. Moreover, if you 
decide to upgrade the demo, you can 
upgrade all instances immediately by 
changing this one VM. 

Some demos require multiple systems 
(such as a database server and a Web 
server) to properly illustrate 
important features. Tradition- 
ally, sales folks have solved 
this problem by running a 
small instance of a DBMS and 
a Web server on the demo sys- 
tem. This solution is work- 
able, but fraught with danger. 
A better way to solve this is to 
host the demo on company 
servers, using VMs for all the 
constituent systems and for 
the demo software itself. Prospective cus- 
tomers log in from their own systems, in 
a manner akin to the training scenario I 
just described. This solution has the 
added benefit of allowing multiple partic- 
ipants in a meeting to each have their 
own demo experience. 

Tech Support and Helpdesk. One 
frustration tech-support workers grap- 
ple with is the exponential combination 
of configurations that arise when a prod- 
uct can access several databases, work 



with several Web servers, and run on 
multiple operating systems. Even a 
modest number of items can lead to 
dozens of unique configurations. By hav- 
ing a library of VMs prebuilt with all the 
supported platforms and packages, an 
ISV or an in-house helpdesk team can 
quickly assemble the specific configura- 
tion of components a caller might have. 
Helpdesks that emulate customer con- 
figurations from a library of VMs have 
the added capability of being able to set 
up the configuration in real time — while 
the caller is on the line. Configuration 
bugs are particularly easy to identify this 
way, but the solution still works well for 
all problems. It has one other benefit: 
When the call is over, the support engi- 
neer can save the VMs in a library and 
tag them with the customer's name. This 
way, on subsequent calls, the images can 
simply be reloaded without the need for 
configuration again. 

These are three leading-edge use cas- 
es that I think will become fairly stan- 
dard during the next 18 months. Beyond 
them are bleeding-edge applications, 
such as using VMs for load balancing 
and running multiple apps on hardware 
clusters. But I'll cover those solutions 
when they become larger blips on the 
radar screen. I 

Andrew Binstock is the principal analyst 
at Pacific Data Works. Read his hlog at 
binstock. hlogspot. com. 
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Moving With Agility 



Most development organizations are 
familiar with services architec- 
tures, composite applications with swap- 
pable components, and continuous tests 
and builds. 

These are different ways of saying 
essentially the same thing. Applications 
need to be flexible so that businesses can 
react quickly to changes in their mar- 
kets, whether seizing new 
opportunities or minimizing 
the effects of downturns. 

Development organiza- 
tions have begun to move 
away from monolithic applica- 
tions that take months or even 
years to create, and then 
months more to implement 
new features or correct prob- 
lems. So, too, have they begun 
to move away from the devel- 
opment processes and practices used to 
create those monoliths. They are 
becoming, in a word, agile. 

A recent survey put together by Ver- 
sion One — a company that sells software 
that helps manage agile development 
projects — found that the respondent 
organizations have been practicing agile 
development at some level for 1.9 years. 

The survey was completed by 722 
respondents representing software orga- 
nizations large and small; 79 percent 
said they work in organizations with 100 
or more developers, and 84 percent said 
agile has been adopted at some level 
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within their organization. 

The survey found that the "initial 
champion of agile development" in 
these organizations was the VP/director 
of development — a change from the 
days when agile came into organizations 
through developers. 

To go with this change, the survey 
also found that Scrum is now the 
most closely followed agile 
methodology. Scrum, ex- 
plained Robert Holler, 
CEO of Version One, is 
focused more on manage- 
ment and less on specific 
disciplines. "There's a direct 
correlation between who's 
leading the charge for agile 
within these organizations 
and the methodology they've 
chosen." 

This marks quite a change from the 
days when the terms "agile develop- 
ment" and "eXtreme Programming" 
were thought to be interchangeable. XP 
called for programming in pairs, mini- 
mal up-front design and analysis, and 
realizing that change is a constant. 

In a larger environment, though, 
there are concerns about too little plan- 
ning, a lack of documentation and a loss 
of management control. In fact, 20 per- 
cent of the survey's respondents said 
"lack of up-front planning" was their 
organization's greatest concern regard- 
ing agile adoption. 



Further, the study shows the greatest 
barrier to increased adoption of agile 
practices in organizations is a lack of 
people with the requisite experience in 
agile development to make it a success. 
Running a close second is the dreaded 
"general resistance to change." 

Holler said it might be that the 
development tools in use within orga- 
nizations are a hindrance, rather than a 
help, to facilitating agile development. 
"Requirements morph. If the tools 
don't, they're perhaps not as useful as a 
wiki page that I can edit constantly, or 
a spreadsheet I can add columns to," 
he said. "The tools might add too much 
structure." 

In the next year, Version One plans 
to integrate components into its VI 
platform for testing, code management 
and continuous integration, effectively 
enhancing the platform for Agile ALM. 
"In ALM, 'requirements' is heavy. Test' 
is heavy. We manage requirements, 
tests and tasks in a lightweight way." 

The survey respondents rated 29 
percent of their non-agile development 
projects "somewhat successful" or "very 
successful." On the other hand, their 
agile projects earned ratings in these 
categories of 89 percent. Increased pro- 
ductivity, reduced time-to-market and 
fewer defects were cited as the top 
three benefits of agile development in 
the survey. 

Clearly, agile development's time has 



David Rubinstein is editor-in-chief of 
SD Times. 



BUSINESS BRIEFS 




SOFTWARE COMPANIES' REVENUES CLIMB 

Microsoft and IBM reported increasing revenues and earnings in their quarter- 
ly reports issued last month, while Sun Microsystems' revenue grew and its net 
loss shrank. 

With server and tools revenue increasing 17 percent from a year ago, Microsoft 
posted first-guarter fiscal 2007 revenue of US$10.81 billion, up 11 percent from Q1 
2006. Net income and earnings per share were $3.48 billion and 35 cents, 
respectively, up from $3.14 billion and 29 cents a year earlier. The results were at 
the top of Microsoft's expectations, according to CFO Chris Liddell. Within the 
server and tools group, SQL Server showed 30 percent revenue growth from the 
prior year. The Entertainment and Devices Division showed revenue growth of 70 
percent year over year, with Xbox 360 sales and Xbox Live membership leading 
the way. For the second guarter, Microsoft expects revenue in the range of $11.8 
billion to $12.4 billion. 

IBM announced third-guarter 2006 revenue of US$22.6 billion, a 5 percent 
increase over the same guarter in 2005. Income from continuing operations for the 
guarter was $2.2 billion, including a one-time charge of $525 million for taxes, while 
diluted earnings per share was $1.45, including the charge. Revenue from the Amer- 
icas was $9.8 billion; EMEA posted $7.3 billion and Asia-Pacific accounted for $4.5 
billion. Software revenue hit $4.4 billion, with middleware brands Information Man- 
agement, Lotus, Rational, Tivoli and WebSphere accounting for $3.4 billion of that. 

And Sun reported fiscal 2007 first-guarter revenue of US$3.18 billion, an 
increase of 17 percent year over year, while net GAAP loss fell to $56 million from 
$123 million a year ago. The company cited revenue from acguisitions and greater 
adoption of the Solaris 10 operating system as reasons for growth. The net loss 
included $21 million in structuring, $7 million in tax effects and $58 million in 
stock-based compensation charges. At the end of the guarter, the company had 
$4.67 billion in cash and marketable debt securities. 



Compuware posted revenue of US$288.5 million 
for its second fiscal 2007 guarter, with net in- 
come of $24.8 million. During the guarter, soft- 
ware license fees were $56.7 million and profes- 
sional services fees were $116.7 million. Also in 
the guarter, the company's board authorized an 
additional $300 million stock repurchase plan 
. . . Prior to its conference at the end of October, 
Oracle announced plans to acguire Sunopsis, a 
provider of data integration tools, to enhance its 
Oracle Fusion Middleware products with support 
for a wide range of data sources and systems. Fi- 
nancial terms were not disclosed . . . XML secu- 
rity appliance provider Layer 7 Technologies has 
received US$8.9 million in new financing, led by 
BDC Venture Capital and GrowthWorks Capital. 
"With the recent market growth in SOA and Web 
2.0 we see tremendous opportunity for infra- 
structure that can help secure, simplify and scale 
Web service deployment," said Joe Timlin, vice 
president of investments at GrowthWorks Capital, 
in a statement . . . Open-source infrastructure so- 
lutions provider SourceLabs has secured US$7 
million from Madrona Venture Group, Ignition 
Partners and Index Ventures. The company 
claims its Continuous Support Solution improves 
software dependability and delivers real-time 
problem resolution. I 



events Calendar 



Application Integration Dec. 4-6 
and Web Services Summit 

Orlando, Fla. 
GARTNER 

www.gartner.com/2_events/conferences/apn17.jsp 



XML 2006 

Boston 
IDEALLIANCE 

2006.xmlconference.org 



Dec. 5-7 



Enterprise Architecture Dec. 6-8 
Summit 

Orlando, Fla. 
GARTNER 

www.gartner.com/2_events/conferences/ea5.jsp 

Web Design World Dec. 11-13 

Boston 

FAWCETTE TECHNICAL PUBLICATIONS 

www.ftponline.com/conferences 
/webdesignworld/2006/boston 



Macworld Conference 
SExpo 

San Francisco 
IDG WORLD EXPO 

www.macworldexpo.com/live/20 



Jan. 8-12 



RSA Conference 

San Francisco 
RSA SECURITY 

www.rsaconference.com/2007/US 



Feb. 5-9 



SCALE 5x Feb. 10-11 

(Southern California Linux Expo) 

Los Angeles 

S0CAL LINUX USER GROUPS 

www.socallinuxexpo.org/scale5x 



SHARE User Events 


Feb. 11-16 


Tampa, Fla. 




SHARE 




www.share.org 




LinuxWorld 


Feb. 14-15 


OpenSolutions Summit 




New York 




IDG WORLD EXPO 




www.linuxworldexpo.com/live/14 




EclipseCon 


March 5-8 


Santa Clara 




ECLIPSE FOUNDATION 




www.eclipsecon.org/2007 




Game Developers 


March 5-9 


Conference 




San Francisco 




CMP MEDIA 




www.gdconf.com 




Developer Relations 


March 12-13 


Conference 




San Francisco 




EVANS DATA 




www.evansdata.com/drc 




BrainShare 


March 18-23 


Salt Lake City 




NOVELL 




www.novell.com/brainshare 




SD West 


March 19-23 


Santa Clara 




CMP MEDIA 




www.sdexpo.com 




4th Software 


April 16-17 


Security Summit 




San Mateo, Calif. 




BZ MEDIA 




www.S-3con.com 





For a more complete calendar of U.S. software 
development events, see www.bzmedia.com/calendar. 
Information is subject to change. Send news about 
upcoming events to events@bzmedia.com. 
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off with the A Itovfl* XML Suite, and 
e ^ off ihe top fools for XML development. 

id udsd with the Altova XML Suite 2007: 

• Altava XMLSpy* Map Force* and SlyleV;aori* Entwpisa or Professional Editions 
• PJue Attova SctfiemaAgent". SernanticWorks™, and DiffDoB* with EnflerpilBe Ed [flan 
# Afcg get a FREE copy ot Attova DgtebasaSpy " 2G07 tor a limited time* 

The Altnvs XML 3uite 2007 delivers the latest raleasas of \world*s "eading XML 

it tools all fri an unrtvatGd CteaL IE conttfFns ANova XMLSpy; Iho Indui 
XMLdoveiopfnpni envirwime^?: Map Farce, The premier date intefli 
and Web services imptemenlHiion tool; ^nd StylfeVisiDn, the ultimate visual styteahefit 
designer, What's mof^j the Enterprise Edition also indudas XMi- Schema manai 
nantfc Vvabi a«J XML^wara dllferanol 
Download the Altova XML Suite today: www.altcwa.cQm 
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'Special otter: Now until Dec. 24, 2Q0B, 

pirfChy$^ qc upgrade Ed Ihe AllOua XML Suile 
and get ihe NEW Allova Data bas9 Spy 
database qLcry antif dusiyn tool for FREE] 
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Automated 

Build Studio 

simplify your deployment 
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Automated Build Studio is rhe perfect 
too! for building and releasing our 
software and it makes my working day 
so much easier. 
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I VISUAL MACAO C BEAT ION 
Jii if drag and drnpopenafam 
* nd set parameters 



I POPULAR TOOLS SUPPORT 

Built-in support for more 
t ha n 400 bu Id and deploy 
operations 



ISWPiIFY BUILD PROCESSES 

Eliminate manual operations 
and ccuTiplicaLed w.ripti 



I REMOTE WES INTERFACE 
Launch arid mtinilar buikta 

secur^y from sny web 

browser 




I DETAILED RtPORTS 

hvE-cutiv^ uvcirvicw 
and dialled kig* vta 
tii u Desktop dteni w 
W«5b bfovir«i 



1 VfcSUAL STUDIO INTEGRATION 

Run slar id-alnnff ar ■nti i g r aLed 

with Microsoft Vlsus I Sttwla 






I CUSTOM OPERATIONS 

Ea 5 ?3y create nsvu DpEiatdana 
Wild the comprehensive SDK 



Automated Build Studio is a release management system that provides an easy and 
visual way to automate the software development buTltf and deployment process, 
Create visual macros with drag and drop pre-buiit operations. More than 400 built-in 
operations are included for mon popular tools, 




DOWNLOAD A FREE TRIAL 

ww w,a u tomated qa . co m/abs/sd off e r/ 



S 349.99 



NjTTOdtiwrlicmse 

Eancwient & she HosEes aw Haale 

■ ffl Day Money I3eck Guarantee 

■ UnlUmltMJ Online Support 
- Ff ee Evaluation 



AutomatedQA 

702-891-9424 



